xx/ElasticBurp
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

make it possible to build .jar with Jython bundled

Browse source
This commit is contained in:
Rasmus Moorats 2021-11-19 14:13:15 +02:00
parent 0019922fb5
commit 2280ad8fed
Signed by: xx
GPG key ID: FE14255A6AE7241C
46 changed files with 4232 additions and 0 deletions

2
.gitignore vendored
View file

@ -1,4 +1,6 @@
*.swp
*.class
*.pyc
*.jar
.jython_cache
out

41
JarShim/burp/BurpExtender.java Normal file
View file

@ -0,0 +1,41 @@
package burp;
import burp.JythonFactory;
import java.io.ByteArrayOutputStream;
public class BurpExtender
{
private static IBurpExtender handler;
private JythonFactory jf = null;
public BurpExtender()
{
if (handler == null)
{
jf = new JythonFactory();
BurpExtender.handler = (IBurpExtender) jf
.getJythonObject(IBurpExtender.class.getName(),
"ElasticBurp");
}
}
public static IBurpExtender getHandler()
{
return handler;
}
public static void setHandler(IBurpExtender handle)
{
handler = handle;
}
public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks)
{
handler.registerExtenderCallbacks(callbacks);
jf.interpreter.setOut(callbacks.getStdout());
jf.interpreter.setErr(callbacks.getStderr());
}
}

97
JarShim/burp/IBurpCollaboratorClientContext.java Normal file
View file

@ -0,0 +1,97 @@
package burp;
/*
* @(#)IBurpCollaboratorClientContext.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.util.List;
/**
* This interface represents an instance of a Burp Collaborator client context,
* which can be used to generate Burp Collaborator payloads and poll the
* Collaborator server for any network interactions that result from using those
* payloads. Extensions can obtain new instances of this class by calling
* <code>IBurpExtenderCallbacks.createBurpCollaboratorClientContext()</code>.
* Note that each Burp Collaborator client context is tied to the Collaborator
* server configuration that was in place at the time the context was created.
*/
public interface IBurpCollaboratorClientContext
{
/**
* This method is used to generate new Burp Collaborator payloads.
*
* @param includeCollaboratorServerLocation Specifies whether to include the
* Collaborator server location in the generated payload.
* @return The payload that was generated.
*
* @throws IllegalStateException if Burp Collaborator is disabled
*/
String generatePayload(boolean includeCollaboratorServerLocation);
/**
* This method is used to retrieve all interactions received by the
* Collaborator server resulting from payloads that were generated for this
* context.
*
* @return The Collaborator interactions that have occurred resulting from
* payloads that were generated for this context.
*
* @throws IllegalStateException if Burp Collaborator is disabled
*/
List<IBurpCollaboratorInteraction> fetchAllCollaboratorInteractions();
/**
* This method is used to retrieve interactions received by the Collaborator
* server resulting from a single payload that was generated for this
* context.
*
* @param payload The payload for which interactions will be retrieved.
* @return The Collaborator interactions that have occurred resulting from
* the given payload.
*
* @throws IllegalStateException if Burp Collaborator is disabled
*/
List<IBurpCollaboratorInteraction> fetchCollaboratorInteractionsFor(String payload);
/**
* This method is used to retrieve all interactions made by Burp Infiltrator
* instrumentation resulting from payloads that were generated for this
* context.
*
* @return The interactions triggered by the Burp Infiltrator
* instrumentation that have occurred resulting from payloads that were
* generated for this context.
*
* @throws IllegalStateException if Burp Collaborator is disabled
*/
List<IBurpCollaboratorInteraction> fetchAllInfiltratorInteractions();
/**
* This method is used to retrieve interactions made by Burp Infiltrator
* instrumentation resulting from a single payload that was generated for
* this context.
*
* @param payload The payload for which interactions will be retrieved.
* @return The interactions triggered by the Burp Infiltrator
* instrumentation that have occurred resulting from the given payload.
*
* @throws IllegalStateException if Burp Collaborator is disabled
*/
List<IBurpCollaboratorInteraction> fetchInfiltratorInteractionsFor(String payload);
/**
* This method is used to retrieve the network location of the Collaborator
* server.
*
* @return The hostname or IP address of the Collaborator server.
*
* @throws IllegalStateException if Burp Collaborator is disabled
*/
String getCollaboratorServerLocation();
}

41
JarShim/burp/IBurpCollaboratorInteraction.java Normal file
View file

@ -0,0 +1,41 @@
package burp;
/*
* @(#)IBurpCollaboratorInteraction.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.util.Map;
/**
* This interface represents a network interaction that occurred with the Burp
* Collaborator server.
*/
public interface IBurpCollaboratorInteraction
{
/**
* This method is used to retrieve a property of the interaction. Properties
* of all interactions are: interaction_id, type, client_ip, and time_stamp.
* Properties of DNS interactions are: query_type and raw_query. The
* raw_query value is Base64-encoded. Properties of HTTP interactions are:
* protocol, request, and response. The request and response values are
* Base64-encoded.
*
* @param name The name of the property to retrieve.
* @return A string representing the property value, or null if not present.
*/
String getProperty(String name);
/**
* This method is used to retrieve a map containing all properties of the
* interaction.
*
* @return A map containing all properties of the interaction.
*/
Map<String, String> getProperties();
}

31
JarShim/burp/IBurpExtender.java Normal file
View file

@ -0,0 +1,31 @@
package burp;
/*
* @(#)IBurpExtender.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* All extensions must implement this interface.
*
* Implementations must be called BurpExtender, in the package burp, must be
* declared public, and must provide a default (public, no-argument)
* constructor.
*/
public interface IBurpExtender
{
/**
* This method is invoked when the extension is loaded. It registers an
* instance of the
* <code>IBurpExtenderCallbacks</code> interface, providing methods that may
* be invoked by the extension to perform various actions.
*
* @param callbacks An
* <code>IBurpExtenderCallbacks</code> object.
*/
void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks);
}

1173
JarShim/burp/IBurpExtenderCallbacks.java Normal file
View file

File diff suppressed because it is too large Load diff

39
JarShim/burp/IContextMenuFactory.java Normal file
View file

@ -0,0 +1,39 @@
package burp;
/*
* @(#)IContextMenuFactory.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import javax.swing.JMenuItem;
import java.util.List;
/**
* Extensions can implement this interface and then call
* <code>IBurpExtenderCallbacks.registerContextMenuFactory()</code> to register
* a factory for custom context menu items.
*/
public interface IContextMenuFactory
{
/**
* This method will be called by Burp when the user invokes a context menu
* anywhere within Burp. The factory can then provide any custom context
* menu items that should be displayed in the context menu, based on the
* details of the menu invocation.
*
* @param invocation An object that implements the
* <code>IContextMenuInvocation</code> interface, which the extension can
* query to obtain details of the context menu invocation.
* @return A list of custom menu items (which may include sub-menus,
* checkbox menu items, etc.) that should be displayed. Extensions may
* return
* <code>null</code> from this method, to indicate that no menu items are
* required.
*/
List<JMenuItem> createMenuItems(IContextMenuInvocation invocation);
}

156
JarShim/burp/IContextMenuInvocation.java Normal file
View file

@ -0,0 +1,156 @@
package burp;
/*
* @(#)IContextMenuInvocation.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.awt.event.InputEvent;
/**
* This interface is used when Burp calls into an extension-provided
* <code>IContextMenuFactory</code> with details of a context menu invocation.
* The custom context menu factory can query this interface to obtain details of
* the invocation event, in order to determine what menu items should be
* displayed.
*/
public interface IContextMenuInvocation
{
/**
* Used to indicate that the context menu is being invoked in a request
* editor.
*/
byte CONTEXT_MESSAGE_EDITOR_REQUEST = 0;
/**
* Used to indicate that the context menu is being invoked in a response
* editor.
*/
byte CONTEXT_MESSAGE_EDITOR_RESPONSE = 1;
/**
* Used to indicate that the context menu is being invoked in a non-editable
* request viewer.
*/
byte CONTEXT_MESSAGE_VIEWER_REQUEST = 2;
/**
* Used to indicate that the context menu is being invoked in a non-editable
* response viewer.
*/
byte CONTEXT_MESSAGE_VIEWER_RESPONSE = 3;
/**
* Used to indicate that the context menu is being invoked in the Target
* site map tree.
*/
byte CONTEXT_TARGET_SITE_MAP_TREE = 4;
/**
* Used to indicate that the context menu is being invoked in the Target
* site map table.
*/
byte CONTEXT_TARGET_SITE_MAP_TABLE = 5;
/**
* Used to indicate that the context menu is being invoked in the Proxy
* history.
*/
byte CONTEXT_PROXY_HISTORY = 6;
/**
* Used to indicate that the context menu is being invoked in the Scanner
* results.
*/
byte CONTEXT_SCANNER_RESULTS = 7;
/**
* Used to indicate that the context menu is being invoked in the Intruder
* payload positions editor.
*/
byte CONTEXT_INTRUDER_PAYLOAD_POSITIONS = 8;
/**
* Used to indicate that the context menu is being invoked in an Intruder
* attack results.
*/
byte CONTEXT_INTRUDER_ATTACK_RESULTS = 9;
/**
* Used to indicate that the context menu is being invoked in a search
* results window.
*/
byte CONTEXT_SEARCH_RESULTS = 10;
/**
* This method can be used to retrieve the native Java input event that was
* the trigger for the context menu invocation.
*
* @return The <code>InputEvent</code> that was the trigger for the context
* menu invocation.
*/
InputEvent getInputEvent();
/**
* This method can be used to retrieve the Burp tool within which the
* context menu was invoked.
*
* @return A flag indicating the Burp tool within which the context menu was
* invoked. Burp tool flags are defined in the
* <code>IBurpExtenderCallbacks</code> interface.
*/
int getToolFlag();
/**
* This method can be used to retrieve the context within which the menu was
* invoked.
*
* @return An index indicating the context within which the menu was
* invoked. The indices used are defined within this interface.
*/
byte getInvocationContext();
/**
* This method can be used to retrieve the bounds of the user's selection
* into the current message, if applicable.
*
* @return An int[2] array containing the start and end offsets of the
* user's selection in the current message. If the user has not made any
* selection in the current message, both offsets indicate the position of
* the caret within the editor. If the menu is not being invoked from a
* message editor, the method returns <code>null</code>.
*/
int[] getSelectionBounds();
/**
* This method can be used to retrieve details of the HTTP requests /
* responses that were shown or selected by the user when the context menu
* was invoked.
*
* <b>Note:</b> For performance reasons, the objects returned from this
* method are tied to the originating context of the messages within the
* Burp UI. For example, if a context menu is invoked on the Proxy intercept
* panel, then the
* <code>IHttpRequestResponse</code> returned by this method will reflect
* the current contents of the interception panel, and this will change when
* the current message has been forwarded or dropped. If your extension
* needs to store details of the message for which the context menu has been
* invoked, then you should query those details from the
* <code>IHttpRequestResponse</code> at the time of invocation, or you
* should use
* <code>IBurpExtenderCallbacks.saveBuffersToTempFiles()</code> to create a
* persistent read-only copy of the
* <code>IHttpRequestResponse</code>.
*
* @return An array of <code>IHttpRequestResponse</code> objects
* representing the items that were shown or selected by the user when the
* context menu was invoked. This method returns <code>null</code> if no
* messages are applicable to the invocation.
*/
IHttpRequestResponse[] getSelectedMessages();
/**
* This method can be used to retrieve details of the Scanner issues that
* were selected by the user when the context menu was invoked.
*
* @return An array of <code>IScanIssue</code> objects representing the
* issues that were selected by the user when the context menu was invoked.
* This method returns <code>null</code> if no Scanner issues are applicable
* to the invocation.
*/
IScanIssue[] getSelectedIssues();
}

61
JarShim/burp/ICookie.java Normal file
View file

@ -0,0 +1,61 @@
package burp;
/*
* @(#)ICookie.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.util.Date;
/**
* This interface is used to hold details about an HTTP cookie.
*/
public interface ICookie
{
/**
* This method is used to retrieve the domain for which the cookie is in
* scope.
*
* @return The domain for which the cookie is in scope. <b>Note:</b> For
* cookies that have been analyzed from responses (by calling
* <code>IExtensionHelpers.analyzeResponse()</code> and then
* <code>IResponseInfo.getCookies()</code>, the domain will be
* <code>null</code> if the response did not explicitly set a domain
* attribute for the cookie.
*/
String getDomain();
/**
* This method is used to retrieve the path for which the cookie is in
* scope.
*
* @return The path for which the cookie is in scope or null if none is set.
*/
String getPath();
/**
* This method is used to retrieve the expiration time for the cookie.
*
* @return The expiration time for the cookie, or
* <code>null</code> if none is set (i.e., for non-persistent session
* cookies).
*/
Date getExpiration();
/**
* This method is used to retrieve the name of the cookie.
*
* @return The name of the cookie.
*/
String getName();
/**
* This method is used to retrieve the value of the cookie.
* @return The value of the cookie.
*/
String getValue();
}

367
JarShim/burp/IExtensionHelpers.java Normal file
View file

@ -0,0 +1,367 @@
package burp;
/*
* @(#)IExtensionHelpers.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.net.URL;
import java.util.List;
/**
* This interface contains a number of helper methods, which extensions can use
* to assist with various common tasks that arise for Burp extensions.
*
* Extensions can call <code>IBurpExtenderCallbacks.getHelpers</code> to obtain
* an instance of this interface.
*/
public interface IExtensionHelpers
{
/**
* This method can be used to analyze an HTTP request, and obtain various
* key details about it.
*
* @param request An <code>IHttpRequestResponse</code> object containing the
* request to be analyzed.
* @return An <code>IRequestInfo</code> object that can be queried to obtain
* details about the request.
*/
IRequestInfo analyzeRequest(IHttpRequestResponse request);
/**
* This method can be used to analyze an HTTP request, and obtain various
* key details about it.
*
* @param httpService The HTTP service associated with the request. This is
* optional and may be <code>null</code>, in which case the resulting
* <code>IRequestInfo</code> object will not include the full request URL.
* @param request The request to be analyzed.
* @return An <code>IRequestInfo</code> object that can be queried to obtain
* details about the request.
*/
IRequestInfo analyzeRequest(IHttpService httpService, byte[] request);
/**
* This method can be used to analyze an HTTP request, and obtain various
* key details about it. The resulting <code>IRequestInfo</code> object will
* not include the full request URL. To obtain the full URL, use one of the
* other overloaded <code>analyzeRequest()</code> methods.
*
* @param request The request to be analyzed.
* @return An <code>IRequestInfo</code> object that can be queried to obtain
* details about the request.
*/
IRequestInfo analyzeRequest(byte[] request);
/**
* This method can be used to analyze an HTTP response, and obtain various
* key details about it.
*
* @param response The response to be analyzed.
* @return An <code>IResponseInfo</code> object that can be queried to
* obtain details about the response.
*/
IResponseInfo analyzeResponse(byte[] response);
/**
* This method can be used to retrieve details of a specified parameter
* within an HTTP request. <b>Note:</b> Use <code>analyzeRequest()</code> to
* obtain details of all parameters within the request.
*
* @param request The request to be inspected for the specified parameter.
* @param parameterName The name of the parameter to retrieve.
* @return An <code>IParameter</code> object that can be queried to obtain
* details about the parameter, or <code>null</code> if the parameter was
* not found.
*/
IParameter getRequestParameter(byte[] request, String parameterName);
/**
* This method can be used to URL-decode the specified data.
*
* @param data The data to be decoded.
* @return The decoded data.
*/
String urlDecode(String data);
/**
* This method can be used to URL-encode the specified data. Any characters
* that do not need to be encoded within HTTP requests are not encoded.
*
* @param data The data to be encoded.
* @return The encoded data.
*/
String urlEncode(String data);
/**
* This method can be used to URL-decode the specified data.
*
* @param data The data to be decoded.
* @return The decoded data.
*/
byte[] urlDecode(byte[] data);
/**
* This method can be used to URL-encode the specified data. Any characters
* that do not need to be encoded within HTTP requests are not encoded.
*
* @param data The data to be encoded.
* @return The encoded data.
*/
byte[] urlEncode(byte[] data);
/**
* This method can be used to Base64-decode the specified data.
*
* @param data The data to be decoded.
* @return The decoded data.
*/
byte[] base64Decode(String data);
/**
* This method can be used to Base64-decode the specified data.
*
* @param data The data to be decoded.
* @return The decoded data.
*/
byte[] base64Decode(byte[] data);
/**
* This method can be used to Base64-encode the specified data.
*
* @param data The data to be encoded.
* @return The encoded data.
*/
String base64Encode(String data);
/**
* This method can be used to Base64-encode the specified data.
*
* @param data The data to be encoded.
* @return The encoded data.
*/
String base64Encode(byte[] data);
/**
* This method can be used to convert data from String form into an array of
* bytes. The conversion does not reflect any particular character set, and
* a character with the hex representation 0xWXYZ will always be converted
* into a byte with the representation 0xYZ. It performs the opposite
* conversion to the method <code>bytesToString()</code>, and byte-based
* data that is converted to a String and back again using these two methods
* is guaranteed to retain its integrity (which may not be the case with
* conversions that reflect a given character set).
*
* @param data The data to be converted.
* @return The converted data.
*/
byte[] stringToBytes(String data);
/**
* This method can be used to convert data from an array of bytes into
* String form. The conversion does not reflect any particular character
* set, and a byte with the representation 0xYZ will always be converted
* into a character with the hex representation 0x00YZ. It performs the
* opposite conversion to the method <code>stringToBytes()</code>, and
* byte-based data that is converted to a String and back again using these
* two methods is guaranteed to retain its integrity (which may not be the
* case with conversions that reflect a given character set).
*
* @param data The data to be converted.
* @return The converted data.
*/
String bytesToString(byte[] data);
/**
* This method searches a piece of data for the first occurrence of a
* specified pattern. It works on byte-based data in a way that is similar
* to the way the native Java method <code>String.indexOf()</code> works on
* String-based data.
*
* @param data The data to be searched.
* @param pattern The pattern to be searched for.
* @param caseSensitive Flags whether or not the search is case-sensitive.
* @param from The offset within <code>data</code> where the search should
* begin.
* @param to The offset within <code>data</code> where the search should
* end.
* @return The offset of the first occurrence of the pattern within the
* specified bounds, or -1 if no match is found.
*/
int indexOf(
byte[] data,
byte[] pattern,
boolean caseSensitive,
int from,
int to);
/**
* This method builds an HTTP message containing the specified headers and
* message body. If applicable, the Content-Length header will be added or
* updated, based on the length of the body.
*
* @param headers A list of headers to include in the message.
* @param body The body of the message, of <code>null</code> if the message
* has an empty body.
* @return The resulting full HTTP message.
*/
byte[] buildHttpMessage(List<String> headers, byte[] body);
/**
* This method creates a GET request to the specified URL. The headers used
* in the request are determined by the Request headers settings as
* configured in Burp Spider's options.
*
* @param url The URL to which the request should be made.
* @return A request to the specified URL.
*/
byte[] buildHttpRequest(URL url);
/**
* This method adds a new parameter to an HTTP request, and if appropriate
* updates the Content-Length header.
*
* @param request The request to which the parameter should be added.
* @param parameter An <code>IParameter</code> object containing details of
* the parameter to be added. Supported parameter types are:
* <code>PARAM_URL</code>, <code>PARAM_BODY</code> and
* <code>PARAM_COOKIE</code>.
* @return A new HTTP request with the new parameter added.
*/
byte[] addParameter(byte[] request, IParameter parameter);
/**
* This method removes a parameter from an HTTP request, and if appropriate
* updates the Content-Length header.
*
* @param request The request from which the parameter should be removed.
* @param parameter An <code>IParameter</code> object containing details of
* the parameter to be removed. Supported parameter types are:
* <code>PARAM_URL</code>, <code>PARAM_BODY</code> and
* <code>PARAM_COOKIE</code>.
* @return A new HTTP request with the parameter removed.
*/
byte[] removeParameter(byte[] request, IParameter parameter);
/**
* This method updates the value of a parameter within an HTTP request, and
* if appropriate updates the Content-Length header. <b>Note:</b> This
* method can only be used to update the value of an existing parameter of a
* specified type. If you need to change the type of an existing parameter,
* you should first call <code>removeParameter()</code> to remove the
* parameter with the old type, and then call <code>addParameter()</code> to
* add a parameter with the new type.
*
* @param request The request containing the parameter to be updated.
* @param parameter An <code>IParameter</code> object containing details of
* the parameter to be updated. Supported parameter types are:
* <code>PARAM_URL</code>, <code>PARAM_BODY</code> and
* <code>PARAM_COOKIE</code>.
* @return A new HTTP request with the parameter updated.
*/
byte[] updateParameter(byte[] request, IParameter parameter);
/**
* This method can be used to toggle a request's method between GET and
* POST. Parameters are relocated between the URL query string and message
* body as required, and the Content-Length header is created or removed as
* applicable.
*
* @param request The HTTP request whose method should be toggled.
* @return A new HTTP request using the toggled method.
*/
byte[] toggleRequestMethod(byte[] request);
/**
* This method constructs an <code>IHttpService</code> object based on the
* details provided.
*
* @param host The HTTP service host.
* @param port The HTTP service port.
* @param protocol The HTTP service protocol.
* @return An <code>IHttpService</code> object based on the details
* provided.
*/
IHttpService buildHttpService(String host, int port, String protocol);
/**
* This method constructs an <code>IHttpService</code> object based on the
* details provided.
*
* @param host The HTTP service host.
* @param port The HTTP service port.
* @param useHttps Flags whether the HTTP service protocol is HTTPS or HTTP.
* @return An <code>IHttpService</code> object based on the details
* provided.
*/
IHttpService buildHttpService(String host, int port, boolean useHttps);
/**
* This method constructs an <code>IParameter</code> object based on the
* details provided.
*
* @param name The parameter name.
* @param value The parameter value.
* @param type The parameter type, as defined in the <code>IParameter</code>
* interface.
* @return An <code>IParameter</code> object based on the details provided.
*/
IParameter buildParameter(String name, String value, byte type);
/**
* This method constructs an <code>IHttpHeader</code> object based on the
* details provided.
*
* @param name The header name.
* @param value The header value.
* @return An <code>IHttpHeader</code> object based on the details provided.
*/
IHttpHeader buildHeader(String name, String value);
/**
* This method constructs an <code>IScannerInsertionPoint</code> object
* based on the details provided. It can be used to quickly create a simple
* insertion point based on a fixed payload location within a base request.
*
* @param insertionPointName The name of the insertion point.
* @param baseRequest The request from which to build scan requests.
* @param from The offset of the start of the payload location.
* @param to The offset of the end of the payload location.
* @return An <code>IScannerInsertionPoint</code> object based on the
* details provided.
*/
IScannerInsertionPoint makeScannerInsertionPoint(
String insertionPointName,
byte[] baseRequest,
int from,
int to);
/**
* This method analyzes one or more responses to identify variations in a
* number of attributes and returns an <code>IResponseVariations</code>
* object that can be queried to obtain details of the variations.
*
* @param responses The responses to analyze.
* @return An <code>IResponseVariations</code> object representing the
* variations in the responses.
*/
IResponseVariations analyzeResponseVariations(byte[]... responses);
/**
* This method analyzes one or more responses to identify the number of
* occurrences of the specified keywords and returns an
* <code>IResponseKeywords</code> object that can be queried to obtain
* details of the number of occurrences of each keyword.
*
* @param keywords The keywords to look for.
* @param responses The responses to analyze.
* @return An <code>IResponseKeywords</code> object representing the counts
* of the keywords appearing in the responses.
*/
IResponseKeywords analyzeResponseKeywords(List<String> keywords, byte[]... responses);
}

27
JarShim/burp/IExtensionStateListener.java Normal file
View file

@ -0,0 +1,27 @@
package burp;
/*
* @(#)IExtensionStateListener.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* Extensions can implement this interface and then call
* <code>IBurpExtenderCallbacks.registerExtensionStateListener()</code> to
* register an extension state listener. The listener will be notified of
* changes to the extension's state. <b>Note:</b> Any extensions that start
* background threads or open system resources (such as files or database
* connections) should register a listener and terminate threads / close
* resources when the extension is unloaded.
*/
public interface IExtensionStateListener
{
/**
* This method is called when the extension is unloaded.
*/
void extensionUnloaded();
}

27
JarShim/burp/IHttpHeader.java Normal file
View file

@ -0,0 +1,27 @@
package burp;
/*
* @(#)IHttpHeader.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* This interface is used to hold details about an HTTP/2 header.
*/
public interface IHttpHeader
{
/**
* This method is used to retrieve the name of the header.
* @return The name of the header.
*/
String getName();
/**
* This method is used to retrieve the value of the header.
* @return The value of the header.
*/
String getValue();
}

38
JarShim/burp/IHttpListener.java Normal file
View file

@ -0,0 +1,38 @@
package burp;
/*
* @(#)IHttpListener.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* Extensions can implement this interface and then call
* <code>IBurpExtenderCallbacks.registerHttpListener()</code> to register an
* HTTP listener. The listener will be notified of requests and responses made
* by any Burp tool. Extensions can perform custom analysis or modification of
* these messages by registering an HTTP listener.
*/
public interface IHttpListener
{
/**
* This method is invoked when an HTTP request is about to be issued, and
* when an HTTP response has been received.
*
* @param toolFlag A flag indicating the Burp tool that issued the request.
* Burp tool flags are defined in the
* <code>IBurpExtenderCallbacks</code> interface.
* @param messageIsRequest Flags whether the method is being invoked for a
* request or response.
* @param messageInfo Details of the request / response to be processed.
* Extensions can call the setter methods on this object to update the
* current message and so modify Burp's behavior.
*/
void processHttpMessage(
int toolFlag,
boolean messageIsRequest,
IHttpRequestResponse messageInfo);
}

102
JarShim/burp/IHttpRequestResponse.java Normal file
View file

@ -0,0 +1,102 @@
package burp;
/*
* @(#)IHttpRequestResponse.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* This interface is used to retrieve and update details about HTTP messages.
*
* <b>Note:</b> The setter methods generally can only be used before the message
* has been processed, and not in read-only contexts. The getter methods
* relating to response details can only be used after the request has been
* issued.
*/
public interface IHttpRequestResponse
{
/**
* This method is used to retrieve the request message.
*
* @return The request message.
*/
byte[] getRequest();
/**
* This method is used to update the request message.
*
* @param message The new request message.
*/
void setRequest(byte[] message);
/**
* This method is used to retrieve the response message.
*
* @return The response message.
*/
byte[] getResponse();
/**
* This method is used to update the response message.
*
* @param message The new response message.
*/
void setResponse(byte[] message);
/**
* This method is used to retrieve the user-annotated comment for this item,
* if applicable.
*
* @return The user-annotated comment for this item, or null if none is set.
*/
String getComment();
/**
* This method is used to update the user-annotated comment for this item.
*
* @param comment The comment to be assigned to this item.
*/
void setComment(String comment);
/**
* This method is used to retrieve the user-annotated highlight for this
* item, if applicable.
*
* @return The user-annotated highlight for this item, or null if none is
* set.
*/
String getHighlight();
/**
* This method is used to update the user-annotated highlight for this item.
*
* @param color The highlight color to be assigned to this item. Accepted
* values are: red, orange, yellow, green, cyan, blue, pink, magenta, gray,
* or a null String to clear any existing highlight.
*/
void setHighlight(String color);
/**
* This method is used to retrieve the HTTP service for this request /
* response.
*
* @return An
* <code>IHttpService</code> object containing details of the HTTP service.
*/
IHttpService getHttpService();
/**
* This method is used to update the HTTP service for this request /
* response.
*
* @param httpService An
* <code>IHttpService</code> object containing details of the new HTTP
* service.
*/
void setHttpService(IHttpService httpService);
}

25
JarShim/burp/IHttpRequestResponsePersisted.java Normal file
View file

@ -0,0 +1,25 @@
package burp;
/*
* @(#)IHttpRequestResponsePersisted.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* This interface is used for an
* <code>IHttpRequestResponse</code> object whose request and response messages
* have been saved to temporary files using
* <code>IBurpExtenderCallbacks.saveBuffersToTempFiles()</code>.
*/
public interface IHttpRequestResponsePersisted extends IHttpRequestResponse
{
/**
* This method is deprecated and no longer performs any action.
*/
@Deprecated
void deleteTempFiles();
}

44
JarShim/burp/IHttpRequestResponseWithMarkers.java Normal file
View file

@ -0,0 +1,44 @@
package burp;
/*
* @(#)IHttpRequestResponseWithMarkers.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.util.List;
/**
* This interface is used for an
* <code>IHttpRequestResponse</code> object that has had markers applied.
* Extensions can create instances of this interface using
* <code>IBurpExtenderCallbacks.applyMarkers()</code>, or provide their own
* implementation. Markers are used in various situations, such as specifying
* Intruder payload positions, Scanner insertion points, and highlights in
* Scanner issues.
*/
public interface IHttpRequestResponseWithMarkers extends IHttpRequestResponse
{
/**
* This method returns the details of the request markers.
*
* @return A list of index pairs representing the offsets of markers for the
* request message. Each item in the list is an int[2] array containing the
* start and end offsets for the marker. The method may return
* <code>null</code> if no request markers are defined.
*/
List<int[]> getRequestMarkers();
/**
* This method returns the details of the response markers.
*
* @return A list of index pairs representing the offsets of markers for the
* response message. Each item in the list is an int[2] array containing the
* start and end offsets for the marker. The method may return
* <code>null</code> if no response markers are defined.
*/
List<int[]> getResponseMarkers();
}

39
JarShim/burp/IHttpService.java Normal file
View file

@ -0,0 +1,39 @@
package burp;
/*
* @(#)IHttpService.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* This interface is used to provide details about an HTTP service, to which
* HTTP requests can be sent.
*/
public interface IHttpService
{
/**
* This method returns the hostname or IP address for the service.
*
* @return The hostname or IP address for the service.
*/
String getHost();
/**
* This method returns the port number for the service.
*
* @return The port number for the service.
*/
int getPort();
/**
* This method returns the protocol for the service.
*
* @return The protocol for the service. Expected values are "http" or
* "https".
*/
String getProtocol();
}

116
JarShim/burp/IInterceptedProxyMessage.java Normal file
View file

@ -0,0 +1,116 @@
package burp;
/*
* @(#)IInterceptedProxyMessage.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.net.InetAddress;
/**
* This interface is used to represent an HTTP message that has been intercepted
* by Burp Proxy. Extensions can register an
* <code>IProxyListener</code> to receive details of proxy messages using this
* interface. *
*/
public interface IInterceptedProxyMessage
{
/**
* This action causes Burp Proxy to follow the current interception rules to
* determine the appropriate action to take for the message.
*/
int ACTION_FOLLOW_RULES = 0;
/**
* This action causes Burp Proxy to present the message to the user for
* manual review or modification.
*/
int ACTION_DO_INTERCEPT = 1;
/**
* This action causes Burp Proxy to forward the message to the remote server
* or client, without presenting it to the user.
*/
int ACTION_DONT_INTERCEPT = 2;
/**
* This action causes Burp Proxy to drop the message.
*/
int ACTION_DROP = 3;
/**
* This action causes Burp Proxy to follow the current interception rules to
* determine the appropriate action to take for the message, and then make a
* second call to processProxyMessage.
*/
int ACTION_FOLLOW_RULES_AND_REHOOK = 0x10;
/**
* This action causes Burp Proxy to present the message to the user for
* manual review or modification, and then make a second call to
* processProxyMessage.
*/
int ACTION_DO_INTERCEPT_AND_REHOOK = 0x11;
/**
* This action causes Burp Proxy to skip user interception, and then make a
* second call to processProxyMessage.
*/
int ACTION_DONT_INTERCEPT_AND_REHOOK = 0x12;
/**
* This method retrieves a unique reference number for this
* request/response.
*
* @return An identifier that is unique to a single request/response pair.
* Extensions can use this to correlate details of requests and responses
* and perform processing on the response message accordingly.
*/
int getMessageReference();
/**
* This method retrieves details of the intercepted message.
*
* @return An <code>IHttpRequestResponse</code> object containing details of
* the intercepted message.
*/
IHttpRequestResponse getMessageInfo();
/**
* This method retrieves the currently defined interception action. The
* default action is
* <code>ACTION_FOLLOW_RULES</code>. If multiple proxy listeners are
* registered, then other listeners may already have modified the
* interception action before it reaches the current listener. This method
* can be used to determine whether this has occurred.
*
* @return The currently defined interception action. Possible values are
* defined within this interface.
*/
int getInterceptAction();
/**
* This method is used to update the interception action.
*
* @param interceptAction The new interception action. Possible values are
* defined within this interface.
*/
void setInterceptAction(int interceptAction);
/**
* This method retrieves the name of the Burp Proxy listener that is
* processing the intercepted message.
*
* @return The name of the Burp Proxy listener that is processing the
* intercepted message. The format is the same as that shown in the Proxy
* Listeners UI - for example, "127.0.0.1:8080".
*/
String getListenerInterface();
/**
* This method retrieves the client IP address from which the request for
* the intercepted message was received.
*
* @return The client IP address from which the request for the intercepted
* message was received.
*/
InetAddress getClientIpAddress();
}

31
JarShim/burp/IIntruderAttack.java Normal file
View file

@ -0,0 +1,31 @@
package burp;
/*
* @(#)IIntruderAttack.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* This interface is used to hold details about an Intruder attack.
*/
public interface IIntruderAttack
{
/**
* This method is used to retrieve the HTTP service for the attack.
*
* @return The HTTP service for the attack.
*/
IHttpService getHttpService();
/**
* This method is used to retrieve the request template for the attack.
*
* @return The request template for the attack.
*/
byte[] getRequestTemplate();
}

50
JarShim/burp/IIntruderPayloadGenerator.java Normal file
View file

@ -0,0 +1,50 @@
package burp;
/*
* @(#)IIntruderPayloadGenerator.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* This interface is used for custom Intruder payload generators. Extensions
* that have registered an
* <code>IIntruderPayloadGeneratorFactory</code> must return a new instance of
* this interface when required as part of a new Intruder attack.
*/
public interface IIntruderPayloadGenerator
{
/**
* This method is used by Burp to determine whether the payload generator is
* able to provide any further payloads.
*
* @return Extensions should return
* <code>false</code> when all the available payloads have been used up,
* otherwise
* <code>true</code>.
*/
boolean hasMorePayloads();
/**
* This method is used by Burp to obtain the value of the next payload.
*
* @param baseValue The base value of the current payload position. This
* value may be
* <code>null</code> if the concept of a base value is not applicable (e.g.
* in a battering ram attack).
* @return The next payload to use in the attack.
*/
byte[] getNextPayload(byte[] baseValue);
/**
* This method is used by Burp to reset the state of the payload generator
* so that the next call to
* <code>getNextPayload()</code> returns the first payload again. This
* method will be invoked when an attack uses the same payload generator for
* more than one payload position, for example in a sniper attack.
*/
void reset();
}

40
JarShim/burp/IIntruderPayloadGeneratorFactory.java Normal file
View file

@ -0,0 +1,40 @@
package burp;
/*
* @(#)IIntruderPayloadGeneratorFactory.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* Extensions can implement this interface and then call
* <code>IBurpExtenderCallbacks.registerIntruderPayloadGeneratorFactory()</code>
* to register a factory for custom Intruder payloads.
*/
public interface IIntruderPayloadGeneratorFactory
{
/**
* This method is used by Burp to obtain the name of the payload generator.
* This will be displayed as an option within the Intruder UI when the user
* selects to use extension-generated payloads.
*
* @return The name of the payload generator.
*/
String getGeneratorName();
/**
* This method is used by Burp when the user starts an Intruder attack that
* uses this payload generator.
*
* @param attack An
* <code>IIntruderAttack</code> object that can be queried to obtain details
* about the attack in which the payload generator will be used.
* @return A new instance of
* <code>IIntruderPayloadGenerator</code> that will be used to generate
* payloads for the attack.
*/
IIntruderPayloadGenerator createNewInstance(IIntruderAttack attack);
}

45
JarShim/burp/IIntruderPayloadProcessor.java Normal file
View file

@ -0,0 +1,45 @@
package burp;
/*
* @(#)IIntruderPayloadProcessor.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* Extensions can implement this interface and then call
* <code>IBurpExtenderCallbacks.registerIntruderPayloadProcessor()</code> to
* register a custom Intruder payload processor.
*/
public interface IIntruderPayloadProcessor
{
/**
* This method is used by Burp to obtain the name of the payload processor.
* This will be displayed as an option within the Intruder UI when the user
* selects to use an extension-provided payload processor.
*
* @return The name of the payload processor.
*/
String getProcessorName();
/**
* This method is invoked by Burp each time the processor should be applied
* to an Intruder payload.
*
* @param currentPayload The value of the payload to be processed.
* @param originalPayload The value of the original payload prior to
* processing by any already-applied processing rules.
* @param baseValue The base value of the payload position, which will be
* replaced with the current payload.
* @return The value of the processed payload. This may be
* <code>null</code> to indicate that the current payload should be skipped,
* and the attack will move directly to the next payload.
*/
byte[] processPayload(
byte[] currentPayload,
byte[] originalPayload,
byte[] baseValue);
}

36
JarShim/burp/IMenuItemHandler.java Normal file
View file

@ -0,0 +1,36 @@
package burp;
/*
* @(#)IMenuItemHandler.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* Extensions can implement this interface and then call
* <code>IBurpExtenderCallbacks.registerMenuItem()</code> to register a custom
* context menu item.
*
* @deprecated Use
* <code>IContextMenuFactory</code> instead.
*/
@Deprecated
public interface IMenuItemHandler
{
/**
* This method is invoked by Burp Suite when the user clicks on a custom
* menu item which the extension has registered with Burp.
*
* @param menuItemCaption The caption of the menu item which was clicked.
* This parameter enables extensions to provide a single implementation
* which handles multiple different menu items.
* @param messageInfo Details of the HTTP message(s) for which the context
* menu was displayed.
*/
void menuItemClicked(
String menuItemCaption,
IHttpRequestResponse[] messageInfo);
}

77
JarShim/burp/IMessageEditor.java Normal file
View file

@ -0,0 +1,77 @@
package burp;
/*
* @(#)IMessageEditor.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.awt.Component;
/**
* This interface is used to provide extensions with an instance of Burp's HTTP
* message editor, for the extension to use in its own UI. Extensions should
* call <code>IBurpExtenderCallbacks.createMessageEditor()</code> to obtain an
* instance of this interface.
*/
public interface IMessageEditor
{
/**
* This method returns the UI component of the editor, for extensions to add
* to their own UI.
*
* @return The UI component of the editor.
*/
Component getComponent();
/**
* This method is used to display an HTTP message in the editor.
*
* @param message The HTTP message to be displayed.
* @param isRequest Flags whether the message is an HTTP request or
* response.
*/
void setMessage(byte[] message, boolean isRequest);
/**
* This method is used to retrieve the currently displayed message, which
* may have been modified by the user.
*
* @return The currently displayed HTTP message.
*/
byte[] getMessage();
/**
* This method is used to determine whether the current message has been
* modified by the user.
*
* @return An indication of whether the current message has been modified by
* the user since it was first displayed.
*/
boolean isMessageModified();
/**
* This method returns the data that is currently selected by the user.
*
* @return The data that is currently selected by the user, or
* <code>null</code> if no selection is made.
*/
byte[] getSelectedData();
/**
* This method can be used to retrieve the bounds of the user's selection
* into the displayed message, if applicable.
*
* @return An int[2] array containing the start and end offsets of the
* user's selection within the displayed message. If the user has not made
* any selection in the current message, both offsets indicate the position
* of the caret within the editor. For some editor views, the concept of
* selection within the message does not apply, in which case this method
* returns null.
*/
int[] getSelectionBounds();
}

49
JarShim/burp/IMessageEditorController.java Normal file
View file

@ -0,0 +1,49 @@
package burp;
/*
* @(#)IMessageEditorController.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* This interface is used by an
* <code>IMessageEditor</code> to obtain details about the currently displayed
* message. Extensions that create instances of Burp's HTTP message editor can
* optionally provide an implementation of
* <code>IMessageEditorController</code>, which the editor will invoke when it
* requires further information about the current message (for example, to send
* it to another Burp tool). Extensions that provide custom editor tabs via an
* <code>IMessageEditorTabFactory</code> will receive a reference to an
* <code>IMessageEditorController</code> object for each tab instance they
* generate, which the tab can invoke if it requires further information about
* the current message.
*/
public interface IMessageEditorController
{
/**
* This method is used to retrieve the HTTP service for the current message.
*
* @return The HTTP service for the current message.
*/
IHttpService getHttpService();
/**
* This method is used to retrieve the HTTP request associated with the
* current message (which may itself be a response).
*
* @return The HTTP request associated with the current message.
*/
byte[] getRequest();
/**
* This method is used to retrieve the HTTP response associated with the
* current message (which may itself be a request).
*
* @return The HTTP response associated with the current message.
*/
byte[] getResponse();
}

103
JarShim/burp/IMessageEditorTab.java Normal file
View file

@ -0,0 +1,103 @@
package burp;
/*
* @(#)IMessageEditorTab.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.awt.Component;
/**
* Extensions that register an
* <code>IMessageEditorTabFactory</code> must return instances of this
* interface, which Burp will use to create custom tabs within its HTTP message
* editors.
*/
public interface IMessageEditorTab
{
/**
* This method returns the caption that should appear on the custom tab when
* it is displayed. <b>Note:</b> Burp invokes this method once when the tab
* is first generated, and the same caption will be used every time the tab
* is displayed.
*
* @return The caption that should appear on the custom tab when it is
* displayed.
*/
String getTabCaption();
/**
* This method returns the component that should be used as the contents of
* the custom tab when it is displayed. <b>Note:</b> Burp invokes this
* method once when the tab is first generated, and the same component will
* be used every time the tab is displayed.
*
* @return The component that should be used as the contents of the custom
* tab when it is displayed.
*/
Component getUiComponent();
/**
* The hosting editor will invoke this method before it displays a new HTTP
* message, so that the custom tab can indicate whether it should be enabled
* for that message.
*
* @param content The message that is about to be displayed, or a zero-length
* array if the existing message is to be cleared.
* @param isRequest Indicates whether the message is a request or a
* response.
* @return The method should return
* <code>true</code> if the custom tab is able to handle the specified
* message, and so will be displayed within the editor. Otherwise, the tab
* will be hidden while this message is displayed.
*/
boolean isEnabled(byte[] content, boolean isRequest);
/**
* The hosting editor will invoke this method to display a new message or to
* clear the existing message. This method will only be called with a new
* message if the tab has already returned
* <code>true</code> to a call to
* <code>isEnabled()</code> with the same message details.
*
* @param content The message that is to be displayed, or
* <code>null</code> if the tab should clear its contents and disable any
* editable controls.
* @param isRequest Indicates whether the message is a request or a
* response.
*/
void setMessage(byte[] content, boolean isRequest);
/**
* This method returns the currently displayed message.
*
* @return The currently displayed message.
*/
byte[] getMessage();
/**
* This method is used to determine whether the currently displayed message
* has been modified by the user. The hosting editor will always call
* <code>getMessage()</code> before calling this method, so any pending
* edits should be completed within
* <code>getMessage()</code>.
*
* @return The method should return
* <code>true</code> if the user has modified the current message since it
* was first displayed.
*/
boolean isModified();
/**
* This method is used to retrieve the data that is currently selected by
* the user.
*
* @return The data that is currently selected by the user. This may be
* <code>null</code> if no selection is currently made.
*/
byte[] getSelectedData();
}

39
JarShim/burp/IMessageEditorTabFactory.java Normal file
View file

@ -0,0 +1,39 @@
package burp;
/*
* @(#)IMessageEditorTabFactory.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* Extensions can implement this interface and then call
* <code>IBurpExtenderCallbacks.registerMessageEditorTabFactory()</code> to
* register a factory for custom message editor tabs. This allows extensions to
* provide custom rendering or editing of HTTP messages, within Burp's own HTTP
* editor.
*/
public interface IMessageEditorTabFactory
{
/**
* Burp will call this method once for each HTTP message editor, and the
* factory should provide a new instance of an
* <code>IMessageEditorTab</code> object.
*
* @param controller An
* <code>IMessageEditorController</code> object, which the new tab can query
* to retrieve details about the currently displayed message. This may be
* <code>null</code> for extension-invoked message editors where the
* extension has not provided an editor controller.
* @param editable Indicates whether the hosting editor is editable or
* read-only.
* @return A new
* <code>IMessageEditorTab</code> object for use within the message editor.
*/
IMessageEditorTab createNewInstance(
IMessageEditorController controller,
boolean editable);
}

104
JarShim/burp/IParameter.java Normal file
View file

@ -0,0 +1,104 @@
package burp;
/*
* @(#)IParameter.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* This interface is used to hold details about an HTTP request parameter.
*/
public interface IParameter
{
/**
* Used to indicate a parameter within the URL query string.
*/
byte PARAM_URL = 0;
/**
* Used to indicate a parameter within the message body.
*/
byte PARAM_BODY = 1;
/**
* Used to indicate an HTTP cookie.
*/
byte PARAM_COOKIE = 2;
/**
* Used to indicate an item of data within an XML structure.
*/
byte PARAM_XML = 3;
/**
* Used to indicate the value of a tag attribute within an XML structure.
*/
byte PARAM_XML_ATTR = 4;
/**
* Used to indicate the value of a parameter attribute within a multi-part
* message body (such as the name of an uploaded file).
*/
byte PARAM_MULTIPART_ATTR = 5;
/**
* Used to indicate an item of data within a JSON structure.
*/
byte PARAM_JSON = 6;
/**
* This method is used to retrieve the parameter type.
*
* @return The parameter type. The available types are defined within this
* interface.
*/
byte getType();
/**
* This method is used to retrieve the parameter name.
*
* @return The parameter name.
*/
String getName();
/**
* This method is used to retrieve the parameter value.
*
* @return The parameter value.
*/
String getValue();
/**
* This method is used to retrieve the start offset of the parameter name
* within the HTTP request.
*
* @return The start offset of the parameter name within the HTTP request,
* or -1 if the parameter is not associated with a specific request.
*/
int getNameStart();
/**
* This method is used to retrieve the end offset of the parameter name
* within the HTTP request.
*
* @return The end offset of the parameter name within the HTTP request, or
* -1 if the parameter is not associated with a specific request.
*/
int getNameEnd();
/**
* This method is used to retrieve the start offset of the parameter value
* within the HTTP request.
*
* @return The start offset of the parameter value within the HTTP request,
* or -1 if the parameter is not associated with a specific request.
*/
int getValueStart();
/**
* This method is used to retrieve the end offset of the parameter value
* within the HTTP request.
*
* @return The end offset of the parameter value within the HTTP request, or
* -1 if the parameter is not associated with a specific request.
*/
int getValueEnd();
}

37
JarShim/burp/IProxyListener.java Normal file
View file

@ -0,0 +1,37 @@
package burp;
/*
* @(#)IProxyListener.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* Extensions can implement this interface and then call
* <code>IBurpExtenderCallbacks.registerProxyListener()</code> to register a
* Proxy listener. The listener will be notified of requests and responses being
* processed by the Proxy tool. Extensions can perform custom analysis or
* modification of these messages, and control in-UI message interception, by
* registering a proxy listener.
*/
public interface IProxyListener
{
/**
* This method is invoked when an HTTP message is being processed by the
* Proxy.
*
* @param messageIsRequest Indicates whether the HTTP message is a request
* or a response.
* @param message An
* <code>IInterceptedProxyMessage</code> object that extensions can use to
* query and update details of the message, and control whether the message
* should be intercepted and displayed to the user for manual review or
* modification.
*/
void processProxyMessage(
boolean messageIsRequest,
IInterceptedProxyMessage message);
}

95
JarShim/burp/IRequestInfo.java Normal file
View file

@ -0,0 +1,95 @@
package burp;
/*
* @(#)IRequestInfo.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.net.URL;
import java.util.List;
/**
* This interface is used to retrieve key details about an HTTP request.
* Extensions can obtain an
* <code>IRequestInfo</code> object for a given request by calling
* <code>IExtensionHelpers.analyzeRequest()</code>.
*/
public interface IRequestInfo
{
/**
* Used to indicate that there is no content.
*/
byte CONTENT_TYPE_NONE = 0;
/**
* Used to indicate URL-encoded content.
*/
byte CONTENT_TYPE_URL_ENCODED = 1;
/**
* Used to indicate multi-part content.
*/
byte CONTENT_TYPE_MULTIPART = 2;
/**
* Used to indicate XML content.
*/
byte CONTENT_TYPE_XML = 3;
/**
* Used to indicate JSON content.
*/
byte CONTENT_TYPE_JSON = 4;
/**
* Used to indicate AMF content.
*/
byte CONTENT_TYPE_AMF = 5;
/**
* Used to indicate unknown content.
*/
byte CONTENT_TYPE_UNKNOWN = -1;
/**
* This method is used to obtain the HTTP method used in the request.
*
* @return The HTTP method used in the request.
*/
String getMethod();
/**
* This method is used to obtain the URL in the request.
*
* @return The URL in the request.
*/
URL getUrl();
/**
* This method is used to obtain the HTTP headers contained in the request.
*
* @return The HTTP headers contained in the request.
*/
List<String> getHeaders();
/**
* This method is used to obtain the parameters contained in the request.
*
* @return The parameters contained in the request.
*/
List<IParameter> getParameters();
/**
* This method is used to obtain the offset within the request where the
* message body begins.
*
* @return The offset within the request where the message body begins.
*/
int getBodyOffset();
/**
* This method is used to obtain the content type of the message body.
*
* @return An indication of the content type of the message body. Available
* types are defined within this interface.
*/
byte getContentType();
}

73
JarShim/burp/IResponseInfo.java Normal file
View file

@ -0,0 +1,73 @@
package burp;
/*
* @(#)IResponseInfo.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.util.List;
/**
* This interface is used to retrieve key details about an HTTP response.
* Extensions can obtain an
* <code>IResponseInfo</code> object for a given response by calling
* <code>IExtensionHelpers.analyzeResponse()</code>.
*/
public interface IResponseInfo
{
/**
* This method is used to obtain the HTTP headers contained in the response.
*
* @return The HTTP headers contained in the response.
*/
List<String> getHeaders();
/**
* This method is used to obtain the offset within the response where the
* message body begins.
*
* @return The offset within the response where the message body begins.
*/
int getBodyOffset();
/**
* This method is used to obtain the HTTP status code contained in the
* response.
*
* @return The HTTP status code contained in the response.
*/
short getStatusCode();
/**
* This method is used to obtain details of the HTTP cookies set in the
* response.
*
* @return A list of <code>ICookie</code> objects representing the cookies
* set in the response, if any.
*/
List<ICookie> getCookies();
/**
* This method is used to obtain the MIME type of the response, as stated in
* the HTTP headers.
*
* @return A textual label for the stated MIME type, or an empty String if
* this is not known or recognized. The possible labels are the same as
* those used in the main Burp UI.
*/
String getStatedMimeType();
/**
* This method is used to obtain the MIME type of the response, as inferred
* from the contents of the HTTP message body.
*
* @return A textual label for the inferred MIME type, or an empty String if
* this is not known or recognized. The possible labels are the same as
* those used in the main Burp UI.
*/
String getInferredMimeType();
}

58
JarShim/burp/IResponseKeywords.java Normal file
View file

@ -0,0 +1,58 @@
package burp;
/*
* @(#)IResponseKeywords.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.util.List;
/**
* This interface is used to represent the counts of keywords appearing in a
* number of HTTP responses.
*/
public interface IResponseKeywords
{
/**
* This method is used to obtain the list of keywords whose counts vary
* between the analyzed responses.
*
* @return The keywords whose counts vary between the analyzed responses.
*/
List<String> getVariantKeywords();
/**
* This method is used to obtain the list of keywords whose counts do not
* vary between the analyzed responses.
*
* @return The keywords whose counts do not vary between the analyzed
* responses.
*/
List<String> getInvariantKeywords();
/**
* This method is used to obtain the number of occurrences of an individual
* keyword in a response.
*
* @param keyword The keyword whose count will be retrieved.
* @param responseIndex The index of the response. Note responses are
* indexed from zero in the order they were originally supplied to the
* <code>IExtensionHelpers.analyzeResponseKeywords()</code> and
* <code>IResponseKeywords.updateWith()</code> methods.
* @return The number of occurrences of the specified keyword for the
* specified response.
*/
int getKeywordCount(String keyword, int responseIndex);
/**
* This method is used to update the analysis based on additional responses.
*
* @param responses The new responses to include in the analysis.
*/
void updateWith(byte[]... responses);
}

62
JarShim/burp/IResponseVariations.java Normal file
View file

@ -0,0 +1,62 @@
package burp;
/*
* @(#)IResponseVariations.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.util.List;
/**
* This interface is used to represent variations between a number HTTP
* responses, according to various attributes.
*/
public interface IResponseVariations
{
/**
* This method is used to obtain the list of attributes that vary between
* the analyzed responses.
*
* @return The attributes that vary between the analyzed responses.
*/
List<String> getVariantAttributes();
/**
* This method is used to obtain the list of attributes that do not vary
* between the analyzed responses.
*
* @return The attributes that do not vary between the analyzed responses.
*/
List<String> getInvariantAttributes();
/**
* This method is used to obtain the value of an individual attribute in a
* response. Note that the values of some attributes are intrinsically
* meaningful (e.g. a word count) while the values of others are less so
* (e.g. a checksum of the HTML tag names).
*
* @param attributeName The name of the attribute whose value will be
* retrieved. Extension authors can obtain the list of supported attributes
* by generating an <code>IResponseVariations</code> object for a single
* response and calling
* <code>IResponseVariations.getInvariantAttributes()</code>.
* @param responseIndex The index of the response. Note that responses are
* indexed from zero in the order they were originally supplied to the
* <code>IExtensionHelpers.analyzeResponseVariations()</code> and
* <code>IResponseVariations.updateWith()</code> methods.
* @return The value of the specified attribute for the specified response.
*/
int getAttributeValue(String attributeName, int responseIndex);
/**
* This method is used to update the analysis based on additional responses.
*
* @param responses The new responses to include in the analysis.
*/
void updateWith(byte[]... responses);
}

123
JarShim/burp/IScanIssue.java Normal file
View file

@ -0,0 +1,123 @@
package burp;
/*
* @(#)IScanIssue.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* This interface is used to retrieve details of Scanner issues. Extensions can
* obtain details of issues by registering an <code>IScannerListener</code> or
* by calling <code>IBurpExtenderCallbacks.getScanIssues()</code>. Extensions
* can also add custom Scanner issues by registering an
* <code>IScannerCheck</code> or calling
* <code>IBurpExtenderCallbacks.addScanIssue()</code>, and providing their own
* implementations of this interface. Note that issue descriptions and other
* text generated by extensions are subject to an HTML whitelist that allows
* only formatting tags and simple hyperlinks.
*/
public interface IScanIssue
{
/**
* This method returns the URL for which the issue was generated.
*
* @return The URL for which the issue was generated.
*/
java.net.URL getUrl();
/**
* This method returns the name of the issue type.
*
* @return The name of the issue type (e.g. "SQL injection").
*/
String getIssueName();
/**
* This method returns a numeric identifier of the issue type. See the Burp
* Scanner documentation for a listing of all the issue types.
*
* @return A numeric identifier of the issue type.
*/
int getIssueType();
/**
* This method returns the issue severity level.
*
* @return The issue severity level. Expected values are "High", "Medium",
* "Low", "Information" or "False positive".
*
*/
String getSeverity();
/**
* This method returns the issue confidence level.
*
* @return The issue confidence level. Expected values are "Certain", "Firm"
* or "Tentative".
*/
String getConfidence();
/**
* This method returns a background description for this type of issue.
*
* @return A background description for this type of issue, or
* <code>null</code> if none applies. A limited set of HTML tags may be
* used.
*/
String getIssueBackground();
/**
* This method returns a background description of the remediation for this
* type of issue.
*
* @return A background description of the remediation for this type of
* issue, or <code>null</code> if none applies. A limited set of HTML tags
* may be used.
*/
String getRemediationBackground();
/**
* This method returns detailed information about this specific instance of
* the issue.
*
* @return Detailed information about this specific instance of the issue,
* or <code>null</code> if none applies. A limited set of HTML tags may be
* used.
*/
String getIssueDetail();
/**
* This method returns detailed information about the remediation for this
* specific instance of the issue.
*
* @return Detailed information about the remediation for this specific
* instance of the issue, or <code>null</code> if none applies. A limited
* set of HTML tags may be used.
*/
String getRemediationDetail();
/**
* This method returns the HTTP messages on the basis of which the issue was
* generated.
*
* @return The HTTP messages on the basis of which the issue was generated.
* <b>Note:</b> The items in this array should be instances of
* <code>IHttpRequestResponseWithMarkers</code> if applicable, so that
* details of the relevant portions of the request and response messages are
* available.
*/
IHttpRequestResponse[] getHttpMessages();
/**
* This method returns the HTTP service for which the issue was generated.
*
* @return The HTTP service for which the issue was generated.
*/
IHttpService getHttpService();
}

81
JarShim/burp/IScanQueueItem.java Normal file
View file

@ -0,0 +1,81 @@
package burp;
/*
* @(#)IScanQueueItem.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* This interface is used to retrieve details of items in the Burp Scanner
* active scan queue. Extensions can obtain references to scan queue items by
* calling
* <code>IBurpExtenderCallbacks.doActiveScan()</code>.
*/
public interface IScanQueueItem
{
/**
* This method returns a description of the status of the scan queue item.
*
* @return A description of the status of the scan queue item.
*/
String getStatus();
/**
* This method returns an indication of the percentage completed for the
* scan queue item.
*
* @return An indication of the percentage completed for the scan queue
* item.
*/
@Deprecated
byte getPercentageComplete();
/**
* This method returns the number of requests that have been made for the
* scan queue item.
*
* @return The number of requests that have been made for the scan queue
* item.
*/
int getNumRequests();
/**
* This method returns the number of network errors that have occurred for
* the scan queue item.
*
* @return The number of network errors that have occurred for the scan
* queue item.
*/
int getNumErrors();
/**
* This method returns the number of attack insertion points being used for
* the scan queue item.
*
* @return The number of attack insertion points being used for the scan
* queue item.
*/
int getNumInsertionPoints();
/**
* This method allows the scan queue item to be canceled.
*/
void cancel();
/**
* This method returns details of the issues generated for the scan queue
* item. <b>Note:</b> different items within the scan queue may contain
* duplicated versions of the same issues - for example, if the same request
* has been scanned multiple times. Duplicated issues are consolidated in
* the main view of scan results. Extensions can register an
* <code>IScannerListener</code> to get details only of unique, newly
* discovered Scanner issues post-consolidation.
*
* @return Details of the issues generated for the scan queue item.
*/
IScanIssue[] getIssues();
}

83
JarShim/burp/IScannerCheck.java Normal file
View file

@ -0,0 +1,83 @@
package burp;
/*
* @(#)IScannerCheck.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.util.List;
/**
* Extensions can implement this interface and then call
* <code>IBurpExtenderCallbacks.registerScannerCheck()</code> to register a
* custom Scanner check. When performing scanning, Burp will ask the check to
* perform active or passive scanning on the base request, and report any
* Scanner issues that are identified.
*/
public interface IScannerCheck
{
/**
* The Scanner invokes this method for each base request / response that is
* passively scanned. <b>Note:</b> Extensions should only analyze the
* HTTP messages provided during passive scanning, and should not make any
* new HTTP requests of their own.
*
* @param baseRequestResponse The base HTTP request / response that should
* be passively scanned.
* @return A list of <code>IScanIssue</code> objects, or <code>null</code>
* if no issues are identified.
*/
List<IScanIssue> doPassiveScan(IHttpRequestResponse baseRequestResponse);
/**
* The Scanner invokes this method for each insertion point that is actively
* scanned. Extensions may issue HTTP requests as required to carry out
* active scanning, and should use the
* <code>IScannerInsertionPoint</code> object provided to build scan
* requests for particular payloads.
* <b>Note:</b>
* Scan checks should submit raw non-encoded payloads to insertion points,
* and the insertion point has responsibility for performing any data
* encoding that is necessary given the nature and location of the insertion
* point.
*
* @param baseRequestResponse The base HTTP request / response that should
* be actively scanned.
* @param insertionPoint An <code>IScannerInsertionPoint</code> object that
* can be queried to obtain details of the insertion point being tested, and
* can be used to build scan requests for particular payloads.
* @return A list of <code>IScanIssue</code> objects, or <code>null</code>
* if no issues are identified.
*/
List<IScanIssue> doActiveScan(
IHttpRequestResponse baseRequestResponse,
IScannerInsertionPoint insertionPoint);
/**
* The Scanner invokes this method when the custom Scanner check has
* reported multiple issues for the same URL path. This can arise either
* because there are multiple distinct vulnerabilities, or because the same
* (or a similar) request has been scanned more than once. The custom check
* should determine whether the issues are duplicates. In most cases, where
* a check uses distinct issue names or descriptions for distinct issues,
* the consolidation process will simply be a matter of comparing these
* features for the two issues.
*
* @param existingIssue An issue that was previously reported by this
* Scanner check.
* @param newIssue An issue at the same URL path that has been newly
* reported by this Scanner check.
* @return An indication of which issue(s) should be reported in the main
* Scanner results. The method should return <code>-1</code> to report the
* existing issue only, <code>0</code> to report both issues, and
* <code>1</code> to report the new issue only.
*/
int consolidateDuplicateIssues(
IScanIssue existingIssue,
IScanIssue newIssue);
}

174
JarShim/burp/IScannerInsertionPoint.java Normal file
View file

@ -0,0 +1,174 @@
package burp;
/*
* @(#)IScannerInsertionPoint.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* This interface is used to define an insertion point for use by active Scanner
* checks. Extensions can obtain instances of this interface by registering an
* <code>IScannerCheck</code>, or can create instances for use by Burp's own
* scan checks by registering an
* <code>IScannerInsertionPointProvider</code>.
*/
public interface IScannerInsertionPoint
{
/**
* Used to indicate where the payload is inserted into the value of a URL
* parameter.
*/
byte INS_PARAM_URL = 0x00;
/**
* Used to indicate where the payload is inserted into the value of a body
* parameter.
*/
byte INS_PARAM_BODY = 0x01;
/**
* Used to indicate where the payload is inserted into the value of an HTTP
* cookie.
*/
byte INS_PARAM_COOKIE = 0x02;
/**
* Used to indicate where the payload is inserted into the value of an item
* of data within an XML data structure.
*/
byte INS_PARAM_XML = 0x03;
/**
* Used to indicate where the payload is inserted into the value of a tag
* attribute within an XML structure.
*/
byte INS_PARAM_XML_ATTR = 0x04;
/**
* Used to indicate where the payload is inserted into the value of a
* parameter attribute within a multi-part message body (such as the name of
* an uploaded file).
*/
byte INS_PARAM_MULTIPART_ATTR = 0x05;
/**
* Used to indicate where the payload is inserted into the value of an item
* of data within a JSON structure.
*/
byte INS_PARAM_JSON = 0x06;
/**
* Used to indicate where the payload is inserted into the value of an AMF
* parameter.
*/
byte INS_PARAM_AMF = 0x07;
/**
* Used to indicate where the payload is inserted into the value of an HTTP
* request header.
*/
byte INS_HEADER = 0x20;
/**
* Used to indicate where the payload is inserted into a URL path folder.
*/
byte INS_URL_PATH_FOLDER = 0x21;
/**
* Used to indicate where the payload is inserted into a URL path folder.
* This is now deprecated; use <code>INS_URL_PATH_FOLDER</code> instead.
*/
@Deprecated
byte INS_URL_PATH_REST = INS_URL_PATH_FOLDER;
/**
* Used to indicate where the payload is inserted into the name of an added
* URL parameter.
*/
byte INS_PARAM_NAME_URL = 0x22;
/**
* Used to indicate where the payload is inserted into the name of an added
* body parameter.
*/
byte INS_PARAM_NAME_BODY = 0x23;
/**
* Used to indicate where the payload is inserted into the body of the HTTP
* request.
*/
byte INS_ENTIRE_BODY = 0x24;
/**
* Used to indicate where the payload is inserted into the URL path
* filename.
*/
byte INS_URL_PATH_FILENAME = 0x25;
/**
* Used to indicate where the payload is inserted at a location manually
* configured by the user.
*/
byte INS_USER_PROVIDED = 0x40;
/**
* Used to indicate where the insertion point is provided by an
* extension-registered
* <code>IScannerInsertionPointProvider</code>.
*/
byte INS_EXTENSION_PROVIDED = 0x41;
/**
* Used to indicate where the payload is inserted at an unknown location
* within the request.
*/
byte INS_UNKNOWN = 0x7f;
/**
* This method returns the name of the insertion point.
*
* @return The name of the insertion point (for example, a description of a
* particular request parameter).
*/
String getInsertionPointName();
/**
* This method returns the base value for this insertion point.
*
* @return the base value that appears in this insertion point in the base
* request being scanned, or <code>null</code> if there is no value in the
* base request that corresponds to this insertion point.
*/
String getBaseValue();
/**
* This method is used to build a request with the specified payload placed
* into the insertion point. There is no requirement for extension-provided
* insertion points to adjust the Content-Length header in requests if the
* body length has changed, although Burp-provided insertion points will
* always do this and will return a request with a valid Content-Length
* header.
* <b>Note:</b>
* Scan checks should submit raw non-encoded payloads to insertion points,
* and the insertion point has responsibility for performing any data
* encoding that is necessary given the nature and location of the insertion
* point.
*
* @param payload The payload that should be placed into the insertion
* point.
* @return The resulting request.
*/
byte[] buildRequest(byte[] payload);
/**
* This method is used to determine the offsets of the payload value within
* the request, when it is placed into the insertion point. Scan checks may
* invoke this method when reporting issues, so as to highlight the relevant
* part of the request within the UI.
*
* @param payload The payload that should be placed into the insertion
* point.
* @return An int[2] array containing the start and end offsets of the
* payload within the request, or null if this is not applicable (for
* example, where the insertion point places a payload into a serialized
* data structure, the raw payload may not literally appear anywhere within
* the resulting request).
*/
int[] getPayloadOffsets(byte[] payload);
/**
* This method returns the type of the insertion point.
*
* @return The type of the insertion point. Available types are defined in
* this interface.
*/
byte getInsertionPointType();
}

38
JarShim/burp/IScannerInsertionPointProvider.java Normal file
View file

@ -0,0 +1,38 @@
package burp;
/*
* @(#)IScannerInsertionPointProvider.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.util.List;
/**
* Extensions can implement this interface and then call
* <code>IBurpExtenderCallbacks.registerScannerInsertionPointProvider()</code>
* to register a factory for custom Scanner insertion points.
*/
public interface IScannerInsertionPointProvider
{
/**
* When a request is actively scanned, the Scanner will invoke this method,
* and the provider should provide a list of custom insertion points that
* will be used in the scan. <b>Note:</b> these insertion points are used in
* addition to those that are derived from Burp Scanner's configuration, and
* those provided by any other Burp extensions.
*
* @param baseRequestResponse The base request that will be actively
* scanned.
* @return A list of
* <code>IScannerInsertionPoint</code> objects that should be used in the
* scanning, or
* <code>null</code> if no custom insertion points are applicable for this
* request.
*/
List<IScannerInsertionPoint> getInsertionPoints(
IHttpRequestResponse baseRequestResponse);
}

30
JarShim/burp/IScannerListener.java Normal file
View file

@ -0,0 +1,30 @@
package burp;
/*
* @(#)IScannerListener.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* Extensions can implement this interface and then call
* <code>IBurpExtenderCallbacks.registerScannerListener()</code> to register a
* Scanner listener. The listener will be notified of new issues that are
* reported by the Scanner tool. Extensions can perform custom analysis or
* logging of Scanner issues by registering a Scanner listener.
*/
public interface IScannerListener
{
/**
* This method is invoked when a new issue is added to Burp Scanner's
* results.
*
* @param issue An
* <code>IScanIssue</code> object that the extension can query to obtain
* details about the new issue.
*/
void newScanIssue(IScanIssue issue);
}

25
JarShim/burp/IScopeChangeListener.java Normal file
View file

@ -0,0 +1,25 @@
package burp;
/*
* @(#)IScopeChangeListener.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* Extensions can implement this interface and then call
* <code>IBurpExtenderCallbacks.registerScopeChangeListener()</code> to register
* a scope change listener. The listener will be notified whenever a change
* occurs to Burp's suite-wide target scope.
*/
public interface IScopeChangeListener
{
/**
* This method is invoked whenever a change occurs to Burp's suite-wide
* target scope.
*/
void scopeChanged();
}

51
JarShim/burp/ISessionHandlingAction.java Normal file
View file

@ -0,0 +1,51 @@
package burp;
/*
* @(#)ISessionHandlingAction.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* Extensions can implement this interface and then call
* <code>IBurpExtenderCallbacks.registerSessionHandlingAction()</code> to
* register a custom session handling action. Each registered action will be
* available within the session handling rule UI for the user to select as a
* rule action. Users can choose to invoke an action directly in its own right,
* or following execution of a macro.
*/
public interface ISessionHandlingAction
{
/**
* This method is used by Burp to obtain the name of the session handling
* action. This will be displayed as an option within the session handling
* rule editor when the user selects to execute an extension-provided
* action.
*
* @return The name of the action.
*/
String getActionName();
/**
* This method is invoked when the session handling action should be
* executed. This may happen as an action in its own right, or as a
* sub-action following execution of a macro.
*
* @param currentRequest The base request that is currently being processed.
* The action can query this object to obtain details about the base
* request. It can issue additional requests of its own if necessary, and
* can use the setter methods on this object to update the base request.
* @param macroItems If the action is invoked following execution of a
* macro, this parameter contains the result of executing the macro.
* Otherwise, it is
* <code>null</code>. Actions can use the details of the macro items to
* perform custom analysis of the macro to derive values of non-standard
* session handling tokens, etc.
*/
void performAction(
IHttpRequestResponse currentRequest,
IHttpRequestResponse[] macroItems);
}

38
JarShim/burp/ITab.java Normal file
View file

@ -0,0 +1,38 @@
package burp;
/*
* @(#)ITab.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.awt.Component;
/**
* This interface is used to provide Burp with details of a custom tab that will
* be added to Burp's UI, using a method such as
* <code>IBurpExtenderCallbacks.addSuiteTab()</code>.
*/
public interface ITab
{
/**
* Burp uses this method to obtain the caption that should appear on the
* custom tab when it is displayed.
*
* @return The caption that should appear on the custom tab when it is
* displayed.
*/
String getTabCaption();
/**
* Burp uses this method to obtain the component that should be used as the
* contents of the custom tab when it is displayed.
*
* @return The component that should be used as the contents of the custom
* tab when it is displayed.
*/
Component getUiComponent();
}

33
JarShim/burp/ITempFile.java Normal file
View file

@ -0,0 +1,33 @@
package burp;
/*
* @(#)ITempFile.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
/**
* This interface is used to hold details of a temporary file that has been
* created via a call to
* <code>IBurpExtenderCallbacks.saveToTempFile()</code>.
*
*/
public interface ITempFile
{
/**
* This method is used to retrieve the contents of the buffer that was saved
* in the temporary file.
*
* @return The contents of the buffer that was saved in the temporary file.
*/
byte[] getBuffer();
/**
* This method is deprecated and no longer performs any action.
*/
@Deprecated
void delete();
}

90
JarShim/burp/ITextEditor.java Normal file
View file

@ -0,0 +1,90 @@
package burp;
/*
* @(#)ITextEditor.java
*
* Copyright PortSwigger Ltd. All rights reserved.
*
* This code may be used to extend the functionality of Burp Suite Community Edition
* and Burp Suite Professional, provided that this usage does not violate the
* license terms for those products.
*/
import java.awt.Component;
/**
* This interface is used to provide extensions with an instance of Burp's raw
* text editor, for the extension to use in its own UI. Extensions should call
* <code>IBurpExtenderCallbacks.createTextEditor()</code> to obtain an instance
* of this interface.
*/
public interface ITextEditor
{
/**
* This method returns the UI component of the editor, for extensions to add
* to their own UI.
*
* @return The UI component of the editor.
*/
Component getComponent();
/**
* This method is used to control whether the editor is currently editable.
* This status can be toggled on and off as required.
*
* @param editable Indicates whether the editor should be currently
* editable.
*/
void setEditable(boolean editable);
/**
* This method is used to update the currently displayed text in the editor.
*
* @param text The text to be displayed.
*/
void setText(byte[] text);
/**
* This method is used to retrieve the currently displayed text.
*
* @return The currently displayed text.
*/
byte[] getText();
/**
* This method is used to determine whether the user has modified the
* contents of the editor.
*
* @return An indication of whether the user has modified the contents of
* the editor since the last call to
* <code>setText()</code>.
*/
boolean isTextModified();
/**
* This method is used to obtain the currently selected text.
*
* @return The currently selected text, or
* <code>null</code> if the user has not made any selection.
*/
byte[] getSelectedText();
/**
* This method can be used to retrieve the bounds of the user's selection
* into the displayed text, if applicable.
*
* @return An int[2] array containing the start and end offsets of the
* user's selection within the displayed text. If the user has not made any
* selection in the current message, both offsets indicate the position of
* the caret within the editor.
*/
int[] getSelectionBounds();
/**
* This method is used to update the search expression that is shown in the
* search bar below the editor. The editor will automatically highlight any
* regions of the displayed text that match the search expression.
*
* @param expression The search expression.
*/
void setSearchExpression(String expression);
}

42
JarShim/burp/JythonFactory.java Normal file
View file

@ -0,0 +1,42 @@
package burp;
import org.python.util.PythonInterpreter;
public class JythonFactory
{
private static JythonFactory instance = null;
public PythonInterpreter interpreter = null;
public Object jyObject = null;
public synchronized JythonFactory getInstance()
{
if (instance == null)
instance = new JythonFactory();
return instance;
}
public Object getJythonObject(String interfaceName, String pathToJythonModule)
{
interpreter = new PythonInterpreter();
interpreter.exec("from " + pathToJythonModule + " import BurpExtender as ExtenderClass");
String instanceName = pathToJythonModule.toLowerCase();
String objectDef = " = ExtenderClass()";
interpreter.exec(instanceName + objectDef);
try
{
Class JavaInterface = Class.forName(interfaceName);
jyObject = interpreter.get(instanceName).__tojava__(JavaInterface);
}
catch (ClassNotFoundException ex)
{
ex.printStackTrace();
}
return jyObject;
}
}

99
build-jar.sh Executable file
View file

@ -0,0 +1,99 @@
#!/bin/bash
set -eE
JYTHON_URL="https://repo1.maven.org/maven2/org/python/jython-standalone/2.7.2/jython-standalone-2.7.2.jar"
_JYTHON_JAR_PATH_NEEDS_DELETE=0
_SCRIPT_DIR="$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
__check_for_binary() (
type -p "$@" > /dev/null
)
pre_check() {
declare -a missing=()
__check_for_binary curl || missing+=(curl)
__check_for_binary javac || missing+=(javac)
__check_for_binary zip || missing+=(zip)
__check_for_binary python2 || missing+=(python2)
if (( ${#missing[@]} > 0)); then
echo "Missing required tools: ${missing[@]}"
return 1
fi
return 0
}
cleanup() {
_RETCODE=$?
set +eE
trap '' INT ERR EXIT
if [ -n "$NO_BUILD_CLEANUP" ]; then
echo "NO_BUILD_CLEANUP set, not cleaning up"
exit
fi
echo "Cleaning up..."
[ "$_JYTHON_JAR_PATH_NEEDS_DELETE" -eq 1 ] && rm "$JYTHON_JAR_PATH"
[ -n "$_TMP_WORKDIR" ] && rm -rf "$_TMP_WORKDIR"
exit "$_RETCODE"
}
download_jython() {
JYTHON_JAR_PATH=$(mktemp --suffix .jar)
echo "Downloading Jython to $JYTHON_JAR_PATH..."
_JYTHON_JAR_PATH_NEEDS_DELETE=1
curl -L "$JYTHON_URL" --output "$JYTHON_JAR_PATH"
}
set_up_dir() {
_TMP_WORKDIR=$(mktemp -d)
echo "Using temporary directory $_TMP_WORKDIR"
mkdir "$_TMP_WORKDIR/Lib/"
cp "$JYTHON_JAR_PATH" "$_TMP_WORKDIR/build.jar"
}
get_python_packages() {
echo "Installing required packages using pip..."
python2 -m pip install --target "$_TMP_WORKDIR/Lib/" -r "$_SCRIPT_DIR/requirements.txt"
}
copy_over_source() {
echo "Copying over source files..."
cp "$_SCRIPT_DIR"/*.py "$_TMP_WORKDIR/Lib"
}
build_java_shim() {
echo "Building jar shim files..."
javac -cp "$_TMP_WORKDIR/build.jar" -d "$_TMP_WORKDIR" "$_SCRIPT_DIR/JarShim/burp/"*.java
}
bundle_jar() (
echo "Bundling jar..."
cd "$_TMP_WORKDIR"
zip -qr build.jar Lib
zip -qr build.jar burp
)
copy_artifact() {
_OUT_DIR="$_SCRIPT_DIR/out"
_OUT_FILENAME="ElasticBurp-$(date '+%F-%H-%M-%S').jar"
echo "Copying bundled jar to '$_OUT_DIR/$_OUT_FILENAME'..."
mkdir -p "$_OUT_DIR" || true
cp "$_TMP_WORKDIR/build.jar" "$_OUT_DIR/$_OUT_FILENAME"
}
main() {
pre_check
trap cleanup INT ERR EXIT
[ -z "$JYTHON_JAR_PATH" ] && download_jython
set_up_dir
get_python_packages
copy_over_source
build_java_shim
bundle_jar
copy_artifact
}
main