diff --git a/pom.xml b/pom.xml index 1e68627..f26e767 100644 --- a/pom.xml +++ b/pom.xml @@ -12,54 +12,49 @@ com.google.code.gson gson - 2.8.6 + 2.9.0 com.sun.xml.bind jaxb-core - 2.3.0.1 + 4.0.1 javax.xml.bind jaxb-api - 2.3.1 - - - com.sun.xml.bind - jaxb-impl - 2.3.1 + 2.4.0-b180830.0359 org.java-websocket Java-WebSocket - 1.5.0 + 1.5.3 net.portswigger.burp.extender burp-extender-api - 2.1 + 2.3 software.amazon.awssdk bom - 2.16.99 + 2.17.285 pom runtime software.amazon.awssdk cognitoidentity - 2.16.99 + 2.17.285 software.amazon.awssdk cognitoidentityprovider - 2.16.99 + 2.17.285 software.amazon.awssdk cognitosync - 2.16.99 + 2.17.285 @@ -84,8 +79,8 @@ maven-compiler-plugin 2.3.2 - 1.8 - 1.8 + 14 + 14 diff --git a/src/burp/IBurpCollaboratorClientContext.java b/src/burp/IBurpCollaboratorClientContext.java deleted file mode 100644 index 0ffe19a..0000000 --- a/src/burp/IBurpCollaboratorClientContext.java +++ /dev/null 
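Review bot: The JAXB coordinates in the first pom.xml hunk no longer line up after this bump, as far as the artifact/version pairs can be read from the flattened text. `com.sun.xml.bind:jaxb-core` moves to `4.0.1`, which belongs to the Jakarta (`jakarta.xml.bind`) line, while `javax.xml.bind:jaxb-api` is pinned to the pre-release build `2.4.0-b180830.0359` and the `jaxb-impl` runtime is removed. Code that still imports `javax.xml.bind` would then compile against the API but probably find no matching implementation at run time, and a beta build is harder to audit and to track for advisories than a release. Either keep `jaxb-api` on the released `2.3.1` with a 2.3.x `jaxb-impl`, or move the whole set to `jakarta.xml.bind:jakarta.xml.bind-api` plus `org.glassfish.jaxb:jaxb-runtime` on the same 4.0.x line.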
@@ -1,97 +0,0 @@
-package burp;
-
-/*
- * @(#)IBurpCollaboratorClientContext.java
- *
- * Copyright PortSwigger Ltd. All rights reserved.
- *
- * This code may be used to extend the functionality of Burp Suite Community Edition
- * and Burp Suite Professional, provided that this usage does not violate the
- * license terms for those products.
- */
-import java.util.List;
-
-/**
- * This interface represents an instance of a Burp Collaborator client context,
- * which can be used to generate Burp Collaborator payloads and poll the
- * Collaborator server for any network interactions that result from using those
- * payloads. Extensions can obtain new instances of this class by calling
- * IBurpExtenderCallbacks.createBurpCollaboratorClientContext().
- * Note that each Burp Collaborator client context is tied to the Collaborator
- * server configuration that was in place at the time the context was created.
- */
-public interface IBurpCollaboratorClientContext
-{
-
- /**
- * This method is used to generate new Burp Collaborator payloads.
- *
- * @param includeCollaboratorServerLocation Specifies whether to include the
- * Collaborator server location in the generated payload.
- * @return The payload that was generated.
- *
- * @throws IllegalStateException if Burp Collaborator is disabled
- */
- String generatePayload(boolean includeCollaboratorServerLocation);
-
- /**
- * This method is used to retrieve all interactions received by the
- * Collaborator server resulting from payloads that were generated for this
- * context.
- *
- * @return The Collaborator interactions that have occurred resulting from
- * payloads that were generated for this context.
- *
- * @throws IllegalStateException if Burp Collaborator is disabled
- */
- List fetchAllCollaboratorInteractions();
-
- /**
- * This method is used to retrieve interactions received by the Collaborator
- * server resulting from a single payload that was generated for this
- * context.
- *
- * @param payload The payload for which interactions will be retrieved.
- * @return The Collaborator interactions that have occurred resulting from
- * the given payload.
- *
- * @throws IllegalStateException if Burp Collaborator is disabled
- */
- List fetchCollaboratorInteractionsFor(String payload);
-
- /**
- * This method is used to retrieve all interactions made by Burp Infiltrator
- * instrumentation resulting from payloads that were generated for this
- * context.
- *
- * @return The interactions triggered by the Burp Infiltrator
- * instrumentation that have occurred resulting from payloads that were
- * generated for this context.
- *
- * @throws IllegalStateException if Burp Collaborator is disabled
- */
- List fetchAllInfiltratorInteractions();
-
- /**
- * This method is used to retrieve interactions made by Burp Infiltrator
- * instrumentation resulting from a single payload that was generated for
- * this context.
- *
- * @param payload The payload for which interactions will be retrieved.
- * @return The interactions triggered by the Burp Infiltrator
- * instrumentation that have occurred resulting from the given payload.
- *
- * @throws IllegalStateException if Burp Collaborator is disabled
- */
- List fetchInfiltratorInteractionsFor(String payload);
-
- /**
- * This method is used to retrieve the network location of the Collaborator
- * server.
- *
- * @return The hostname or IP address of the Collaborator server.
- *
- * @throws IllegalStateException if Burp Collaborator is disabled
- */
- String getCollaboratorServerLocation();
-}
diff --git a/src/burp/IBurpCollaboratorInteraction.java b/src/burp/IBurpCollaboratorInteraction.java
deleted file mode 100644
index 4299c7b..0000000
--- a/src/burp/IBurpCollaboratorInteraction.java
+++ /dev/null
@@ -1,41 +0,0 @@
-package burp;
-
-/*
- * @(#)IBurpCollaboratorInteraction.java
- *
- * Copyright PortSwigger Ltd. All rights reserved.
- *
- * This code may be used to extend the functionality of Burp Suite Community Edition
- * and Burp Suite Professional, provided that this usage does not violate the
- * license terms for those products.
- */
-import java.util.Map;
-
-/**
- * This interface represents a network interaction that occurred with the Burp
- * Collaborator server.
- */
-public interface IBurpCollaboratorInteraction
-{
-
- /**
- * This method is used to retrieve a property of the interaction. Properties
- * of all interactions are: interaction_id, type, client_ip, and time_stamp.
- * Properties of DNS interactions are: query_type and raw_query. The
- * raw_query value is Base64-encoded. Properties of HTTP interactions are:
- * protocol, request, and response. The request and response values are
- * Base64-encoded.
- *
- * @param name The name of the property to retrieve.
- * @return A string representing the property value, or null if not present.
- */
- String getProperty(String name);
-
- /**
- * This method is used to retrieve a map containing all properties of the
- * interaction.
- *
- * @return A map containing all properties of the interaction.
- */
- Map getProperties();
-}
diff --git a/src/burp/IBurpExtender.java b/src/burp/IBurpExtender.java
deleted file mode 100644
index 8cb7390..0000000
--- a/src/burp/IBurpExtender.java
+++ /dev/null
@@ -1,31 +0,0 @@
-package burp;
-
-/*
- * @(#)IBurpExtender.java
- *
- * Copyright PortSwigger Ltd. All rights reserved.
- *
- * This code may be used to extend the functionality of Burp Suite Community Edition
- * and Burp Suite Professional, provided that this usage does not violate the
- * license terms for those products.
- */
-/**
- * All extensions must implement this interface.
- *
- * Implementations must be called BurpExtender, in the package burp, must be
- * declared public, and must provide a default (public, no-argument)
- * constructor.
- */
-public interface IBurpExtender
-{
- /**
- * This method is invoked when the extension is loaded. It registers an
- * instance of the
- * IBurpExtenderCallbacks interface, providing methods that may
- * be invoked by the extension to perform various actions.
- *
- * @param callbacks An
- * IBurpExtenderCallbacks object.
- */
- void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks);
-}
diff --git a/src/burp/IBurpExtenderCallbacks.java b/src/burp/IBurpExtenderCallbacks.java
deleted file mode 100644
index 58e552c..0000000
--- a/src/burp/IBurpExtenderCallbacks.java
+++ /dev/null
@@ -1,1089 +0,0 @@ -package burp; - -/* - * @(#)IBurpExtenderCallbacks.java - * - * Copyright PortSwigger Ltd. All rights reserved. - * - * This code may be used to extend the functionality of Burp Suite Community Edition - * and Burp Suite Professional, provided that this usage does not violate the - * license terms for those products. - */ - -import java.awt.*; -import java.io.OutputStream; -import java.util.List; -import java.util.Map; - -/** - * This interface is used by Burp Suite to pass to extensions a set of callback - * methods that can be used by extensions to perform various actions within - * Burp. - * - * When an extension is loaded, Burp invokes its - * registerExtenderCallbacks() method and passes an instance of the - * IBurpExtenderCallbacks interface. The extension may then invoke - * the methods of this interface as required in order to extend Burp's - * functionality. - */ -public interface IBurpExtenderCallbacks -{ - - /** - * Flag used to identify Burp Suite as a whole. - */ - int TOOL_SUITE = 0x00000001; - /** - * Flag used to identify the Burp Target tool. - */ - int TOOL_TARGET = 0x00000002; - /** - * Flag used to identify the Burp Proxy tool. - */ - int TOOL_PROXY = 0x00000004; - /** - * Flag used to identify the Burp Spider tool. - */ - int TOOL_SPIDER = 0x00000008; - /** - * Flag used to identify the Burp Scanner tool. - */ - int TOOL_SCANNER = 0x00000010; - /** - * Flag used to identify the Burp Intruder tool. - */ - int TOOL_INTRUDER = 0x00000020; - /** - * Flag used to identify the Burp Repeater tool. - */ - int TOOL_REPEATER = 0x00000040; - /** - * Flag used to identify the Burp Sequencer tool. - */ - int TOOL_SEQUENCER = 0x00000080; - /** - * Flag used to identify the Burp Decoder tool. - */ - int TOOL_DECODER = 0x00000100; - /** - * Flag used to identify the Burp Comparer tool. - */ - int TOOL_COMPARER = 0x00000200; - /** - * Flag used to identify the Burp Extender tool. 
- */ - int TOOL_EXTENDER = 0x00000400; - - /** - * This method is used to set the display name for the current extension, - * which will be displayed within the user interface for the Extender tool. - * - * @param name The extension name. - */ - void setExtensionName(String name); - - /** - * This method is used to obtain an IExtensionHelpers object, - * which can be used by the extension to perform numerous useful tasks. - * - * @return An object containing numerous helper methods, for tasks such as - * building and analyzing HTTP requests. - */ - IExtensionHelpers getHelpers(); - - /** - * This method is used to obtain the current extension's standard output - * stream. Extensions should write all output to this stream, allowing the - * Burp user to configure how that output is handled from within the UI. - * - * @return The extension's standard output stream. - */ - OutputStream getStdout(); - - /** - * This method is used to obtain the current extension's standard error - * stream. Extensions should write all error messages to this stream, - * allowing the Burp user to configure how that output is handled from - * within the UI. - * - * @return The extension's standard error stream. - */ - OutputStream getStderr(); - - /** - * This method prints a line of output to the current extension's standard - * output stream. - * - * @param output The message to print. - */ - void printOutput(String output); - - /** - * This method prints a line of output to the current extension's standard - * error stream. - * - * @param error The message to print. - */ - void printError(String error); - - /** - * This method is used to register a listener which will be notified of - * changes to the extension's state. Note: Any extensions that start - * background threads or open system resources (such as files or database - * connections) should register a listener and terminate threads / close - * resources when the extension is unloaded. 
- * - * @param listener An object created by the extension that implements the - * IExtensionStateListener interface. - */ - void registerExtensionStateListener(IExtensionStateListener listener); - - /** - * This method is used to retrieve the extension state listeners that are - * registered by the extension. - * - * @return A list of extension state listeners that are currently registered - * by this extension. - */ - List getExtensionStateListeners(); - - /** - * This method is used to remove an extension state listener that has been - * registered by the extension. - * - * @param listener The extension state listener to be removed. - */ - void removeExtensionStateListener(IExtensionStateListener listener); - - /** - * This method is used to register a listener which will be notified of - * requests and responses made by any Burp tool. Extensions can perform - * custom analysis or modification of these messages by registering an HTTP - * listener. - * - * @param listener An object created by the extension that implements the - * IHttpListener interface. - */ - void registerHttpListener(IHttpListener listener); - - /** - * This method is used to retrieve the HTTP listeners that are registered by - * the extension. - * - * @return A list of HTTP listeners that are currently registered by this - * extension. - */ - List getHttpListeners(); - - /** - * This method is used to remove an HTTP listener that has been registered - * by the extension. - * - * @param listener The HTTP listener to be removed. - */ - void removeHttpListener(IHttpListener listener); - - /** - * This method is used to register a listener which will be notified of - * requests and responses being processed by the Proxy tool. Extensions can - * perform custom analysis or modification of these messages, and control - * in-UI message interception, by registering a proxy listener. - * - * @param listener An object created by the extension that implements the - * IProxyListener interface. 
- */ - void registerProxyListener(IProxyListener listener); - - /** - * This method is used to retrieve the Proxy listeners that are registered - * by the extension. - * - * @return A list of Proxy listeners that are currently registered by this - * extension. - */ - List getProxyListeners(); - - /** - * This method is used to remove a Proxy listener that has been registered - * by the extension. - * - * @param listener The Proxy listener to be removed. - */ - void removeProxyListener(IProxyListener listener); - - /** - * This method is used to register a listener which will be notified of new - * issues that are reported by the Scanner tool. Extensions can perform - * custom analysis or logging of Scanner issues by registering a Scanner - * listener. - * - * @param listener An object created by the extension that implements the - * IScannerListener interface. - */ - void registerScannerListener(IScannerListener listener); - - /** - * This method is used to retrieve the Scanner listeners that are registered - * by the extension. - * - * @return A list of Scanner listeners that are currently registered by this - * extension. - */ - List getScannerListeners(); - - /** - * This method is used to remove a Scanner listener that has been registered - * by the extension. - * - * @param listener The Scanner listener to be removed. - */ - void removeScannerListener(IScannerListener listener); - - /** - * This method is used to register a listener which will be notified of - * changes to Burp's suite-wide target scope. - * - * @param listener An object created by the extension that implements the - * IScopeChangeListener interface. - */ - void registerScopeChangeListener(IScopeChangeListener listener); - - /** - * This method is used to retrieve the scope change listeners that are - * registered by the extension. - * - * @return A list of scope change listeners that are currently registered by - * this extension. 
- */ - List getScopeChangeListeners(); - - /** - * This method is used to remove a scope change listener that has been - * registered by the extension. - * - * @param listener The scope change listener to be removed. - */ - void removeScopeChangeListener(IScopeChangeListener listener); - - /** - * This method is used to register a factory for custom context menu items. - * When the user invokes a context menu anywhere within Burp, the factory - * will be passed details of the invocation event, and asked to provide any - * custom context menu items that should be shown. - * - * @param factory An object created by the extension that implements the - * IContextMenuFactory interface. - */ - void registerContextMenuFactory(IContextMenuFactory factory); - - /** - * This method is used to retrieve the context menu factories that are - * registered by the extension. - * - * @return A list of context menu factories that are currently registered by - * this extension. - */ - List getContextMenuFactories(); - - /** - * This method is used to remove a context menu factory that has been - * registered by the extension. - * - * @param factory The context menu factory to be removed. - */ - void removeContextMenuFactory(IContextMenuFactory factory); - - /** - * This method is used to register a factory for custom message editor tabs. - * For each message editor that already exists, or is subsequently created, - * within Burp, the factory will be asked to provide a new instance of an - * IMessageEditorTab object, which can provide custom rendering - * or editing of HTTP messages. - * - * @param factory An object created by the extension that implements the - * IMessageEditorTabFactory interface. - */ - void registerMessageEditorTabFactory(IMessageEditorTabFactory factory); - - /** - * This method is used to retrieve the message editor tab factories that are - * registered by the extension. 
- * - * @return A list of message editor tab factories that are currently - * registered by this extension. - */ - List getMessageEditorTabFactories(); - - /** - * This method is used to remove a message editor tab factory that has been - * registered by the extension. - * - * @param factory The message editor tab factory to be removed. - */ - void removeMessageEditorTabFactory(IMessageEditorTabFactory factory); - - /** - * This method is used to register a provider of Scanner insertion points. - * For each base request that is actively scanned, Burp will ask the - * provider to provide any custom scanner insertion points that are - * appropriate for the request. - * - * @param provider An object created by the extension that implements the - * IScannerInsertionPointProvider interface. - */ - void registerScannerInsertionPointProvider( - IScannerInsertionPointProvider provider); - - /** - * This method is used to retrieve the Scanner insertion point providers - * that are registered by the extension. - * - * @return A list of Scanner insertion point providers that are currently - * registered by this extension. - */ - List getScannerInsertionPointProviders(); - - /** - * This method is used to remove a Scanner insertion point provider that has - * been registered by the extension. - * - * @param provider The Scanner insertion point provider to be removed. - */ - void removeScannerInsertionPointProvider( - IScannerInsertionPointProvider provider); - - /** - * This method is used to register a custom Scanner check. When performing - * scanning, Burp will ask the check to perform active or passive scanning - * on the base request, and report any Scanner issues that are identified. - * - * @param check An object created by the extension that implements the - * IScannerCheck interface. - */ - void registerScannerCheck(IScannerCheck check); - - /** - * This method is used to retrieve the Scanner checks that are registered by - * the extension. 
- * - * @return A list of Scanner checks that are currently registered by this - * extension. - */ - List getScannerChecks(); - - /** - * This method is used to remove a Scanner check that has been registered by - * the extension. - * - * @param check The Scanner check to be removed. - */ - void removeScannerCheck(IScannerCheck check); - - /** - * This method is used to register a factory for Intruder payloads. Each - * registered factory will be available within the Intruder UI for the user - * to select as the payload source for an attack. When this is selected, the - * factory will be asked to provide a new instance of an - * IIntruderPayloadGenerator object, which will be used to - * generate payloads for the attack. - * - * @param factory An object created by the extension that implements the - * IIntruderPayloadGeneratorFactory interface. - */ - void registerIntruderPayloadGeneratorFactory( - IIntruderPayloadGeneratorFactory factory); - - /** - * This method is used to retrieve the Intruder payload generator factories - * that are registered by the extension. - * - * @return A list of Intruder payload generator factories that are currently - * registered by this extension. - */ - List - getIntruderPayloadGeneratorFactories(); - - /** - * This method is used to remove an Intruder payload generator factory that - * has been registered by the extension. - * - * @param factory The Intruder payload generator factory to be removed. - */ - void removeIntruderPayloadGeneratorFactory( - IIntruderPayloadGeneratorFactory factory); - - /** - * This method is used to register a custom Intruder payload processor. Each - * registered processor will be available within the Intruder UI for the - * user to select as the action for a payload processing rule. - * - * @param processor An object created by the extension that implements the - * IIntruderPayloadProcessor interface. 
- */ - void registerIntruderPayloadProcessor(IIntruderPayloadProcessor processor); - - /** - * This method is used to retrieve the Intruder payload processors that are - * registered by the extension. - * - * @return A list of Intruder payload processors that are currently - * registered by this extension. - */ - List getIntruderPayloadProcessors(); - - /** - * This method is used to remove an Intruder payload processor that has been - * registered by the extension. - * - * @param processor The Intruder payload processor to be removed. - */ - void removeIntruderPayloadProcessor(IIntruderPayloadProcessor processor); - - /** - * This method is used to register a custom session handling action. Each - * registered action will be available within the session handling rule UI - * for the user to select as a rule action. Users can choose to invoke an - * action directly in its own right, or following execution of a macro. - * - * @param action An object created by the extension that implements the - * ISessionHandlingAction interface. - */ - void registerSessionHandlingAction(ISessionHandlingAction action); - - /** - * This method is used to retrieve the session handling actions that are - * registered by the extension. - * - * @return A list of session handling actions that are currently registered - * by this extension. - */ - List getSessionHandlingActions(); - - /** - * This method is used to remove a session handling action that has been - * registered by the extension. - * - * @param action The extension session handling action to be removed. - */ - void removeSessionHandlingAction(ISessionHandlingAction action); - - /** - * This method is used to unload the extension from Burp Suite. - */ - void unloadExtension(); - - /** - * This method is used to add a custom tab to the main Burp Suite window. - * - * @param tab An object created by the extension that implements the - * ITab interface. 
- */ - void addSuiteTab(ITab tab); - - /** - * This method is used to remove a previously-added tab from the main Burp - * Suite window. - * - * @param tab An object created by the extension that implements the - * ITab interface. - */ - void removeSuiteTab(ITab tab); - - /** - * This method is used to customize UI components in line with Burp's UI - * style, including font size, colors, table line spacing, etc. The action - * is performed recursively on any child components of the passed-in - * component. - * - * @param component The UI component to be customized. - */ - void customizeUiComponent(Component component); - - /** - * This method is used to create a new instance of Burp's HTTP message - * editor, for the extension to use in its own UI. - * - * @param controller An object created by the extension that implements the - * IMessageEditorController interface. This parameter is - * optional and may be null. If it is provided, then the - * message editor will query the controller when required to obtain details - * about the currently displayed message, including the - * IHttpService for the message, and the associated request or - * response message. If a controller is not provided, then the message - * editor will not support context menu actions, such as sending requests to - * other Burp tools. - * @param editable Indicates whether the editor created should be editable, - * or used only for message viewing. - * @return An object that implements the IMessageEditor - * interface, and which the extension can use in its own UI. - */ - IMessageEditor createMessageEditor(IMessageEditorController controller, - boolean editable); - - /** - * This method returns the command line arguments that were passed to Burp - * on startup. - * - * @return The command line arguments that were passed to Burp on startup. 
- */ - String[] getCommandLineArguments(); - - /** - * This method is used to save configuration settings for the extension in a - * persistent way that survives reloads of the extension and of Burp Suite. - * Saved settings can be retrieved using the method - * loadExtensionSetting(). - * - * @param name The name of the setting. - * @param value The value of the setting. If this value is null - * then any existing setting with the specified name will be removed. - */ - void saveExtensionSetting(String name, String value); - - /** - * This method is used to load configuration settings for the extension that - * were saved using the method saveExtensionSetting(). - * - * @param name The name of the setting. - * @return The value of the setting, or null if no value is - * set. - */ - String loadExtensionSetting(String name); - - /** - * This method is used to create a new instance of Burp's plain text editor, - * for the extension to use in its own UI. - * - * @return An object that implements the ITextEditor interface, - * and which the extension can use in its own UI. - */ - ITextEditor createTextEditor(); - - /** - * This method can be used to send an HTTP request to the Burp Repeater - * tool. The request will be displayed in the user interface, but will not - * be issued until the user initiates this action. - * - * @param host The hostname of the remote HTTP server. - * @param port The port of the remote HTTP server. - * @param useHttps Flags whether the protocol is HTTPS or HTTP. - * @param request The full HTTP request. - * @param tabCaption An optional caption which will appear on the Repeater - * tab containing the request. If this value is null then a - * default tab index will be displayed. - */ - void sendToRepeater( - String host, - int port, - boolean useHttps, - byte[] request, - String tabCaption); - - /** - * This method can be used to send an HTTP request to the Burp Intruder - * tool. 
The request will be displayed in the user interface, and markers - * for attack payloads will be placed into default locations within the - * request. - * - * @param host The hostname of the remote HTTP server. - * @param port The port of the remote HTTP server. - * @param useHttps Flags whether the protocol is HTTPS or HTTP. - * @param request The full HTTP request. - */ - void sendToIntruder( - String host, - int port, - boolean useHttps, - byte[] request); - - /** - * This method can be used to send an HTTP request to the Burp Intruder - * tool. The request will be displayed in the user interface, and markers - * for attack payloads will be placed into the specified locations within - * the request. - * - * @param host The hostname of the remote HTTP server. - * @param port The port of the remote HTTP server. - * @param useHttps Flags whether the protocol is HTTPS or HTTP. - * @param request The full HTTP request. - * @param payloadPositionOffsets A list of index pairs representing the - * payload positions to be used. Each item in the list must be an int[2] - * array containing the start and end offsets for the payload position. - */ - void sendToIntruder( - String host, - int port, - boolean useHttps, - byte[] request, - List payloadPositionOffsets); - - /** - * This method can be used to send data to the Comparer tool. - * - * @param data The data to be sent to Comparer. - */ - void sendToComparer(byte[] data); - - /** - * This method can be used to send a seed URL to the Burp Spider tool. If - * the URL is not within the current Spider scope, the user will be asked if - * they wish to add the URL to the scope. If the Spider is not currently - * running, it will be started. The seed URL will be requested, and the - * Spider will process the application's response in the normal way. - * - * @param url The new seed URL to begin spidering from. 
- */ - void sendToSpider( - java.net.URL url); - - /** - * This method can be used to send an HTTP request to the Burp Scanner tool - * to perform an active vulnerability scan. If the request is not within the - * current active scanning scope, the user will be asked if they wish to - * proceed with the scan. - * - * @param host The hostname of the remote HTTP server. - * @param port The port of the remote HTTP server. - * @param useHttps Flags whether the protocol is HTTPS or HTTP. - * @param request The full HTTP request. - * @return The resulting scan queue item. - */ - IScanQueueItem doActiveScan( - String host, - int port, - boolean useHttps, - byte[] request); - - /** - * This method can be used to send an HTTP request to the Burp Scanner tool - * to perform an active vulnerability scan, based on a custom list of - * insertion points that are to be scanned. If the request is not within the - * current active scanning scope, the user will be asked if they wish to - * proceed with the scan. - * - * @param host The hostname of the remote HTTP server. - * @param port The port of the remote HTTP server. - * @param useHttps Flags whether the protocol is HTTPS or HTTP. - * @param request The full HTTP request. - * @param insertionPointOffsets A list of index pairs representing the - * positions of the insertion points that should be scanned. Each item in - * the list must be an int[2] array containing the start and end offsets for - * the insertion point. - * @return The resulting scan queue item. - */ - IScanQueueItem doActiveScan( - String host, - int port, - boolean useHttps, - byte[] request, - List insertionPointOffsets); - - /** - * This method can be used to send an HTTP request to the Burp Scanner tool - * to perform a passive vulnerability scan. - * - * @param host The hostname of the remote HTTP server. - * @param port The port of the remote HTTP server. - * @param useHttps Flags whether the protocol is HTTPS or HTTP. 
- * @param request The full HTTP request. - * @param response The full HTTP response. - */ - void doPassiveScan( - String host, - int port, - boolean useHttps, - byte[] request, - byte[] response); - - /** - * This method can be used to issue HTTP requests and retrieve their - * responses. - * - * @param httpService The HTTP service to which the request should be sent. - * @param request The full HTTP request. - * @return An object that implements the IHttpRequestResponse - * interface, and which the extension can query to obtain the details of the - * response. - */ - IHttpRequestResponse makeHttpRequest(IHttpService httpService, - byte[] request); - - /** - * This method can be used to issue HTTP requests and retrieve their - * responses. - * - * @param host The hostname of the remote HTTP server. - * @param port The port of the remote HTTP server. - * @param useHttps Flags whether the protocol is HTTPS or HTTP. - * @param request The full HTTP request. - * @return The full response retrieved from the remote server. - */ - byte[] makeHttpRequest( - String host, - int port, - boolean useHttps, - byte[] request); - - /** - * This method can be used to query whether a specified URL is within the - * current Suite-wide scope. - * - * @param url The URL to query. - * @return Returns true if the URL is within the current - * Suite-wide scope. - */ - boolean isInScope(java.net.URL url); - - /** - * This method can be used to include the specified URL in the Suite-wide - * scope. - * - * @param url The URL to include in the Suite-wide scope. - */ - void includeInScope(java.net.URL url); - - /** - * This method can be used to exclude the specified URL from the Suite-wide - * scope. - * - * @param url The URL to exclude from the Suite-wide scope. - */ - void excludeFromScope(java.net.URL url); - - /** - * This method can be used to display a specified message in the Burp Suite - * alerts tab. - * - * @param message The alert message to display. 
- */ - void issueAlert(String message); - - /** - * This method returns details of all items in the Proxy history. - * - * @return The contents of the Proxy history. - */ - IHttpRequestResponse[] getProxyHistory(); - - /** - * This method returns details of items in the site map. - * - * @param urlPrefix This parameter can be used to specify a URL prefix, in - * order to extract a specific subset of the site map. The method performs a - * simple case-sensitive text match, returning all site map items whose URL - * begins with the specified prefix. If this parameter is null, the entire - * site map is returned. - * - * @return Details of items in the site map. - */ - IHttpRequestResponse[] getSiteMap(String urlPrefix); - - /** - * This method returns all of the current scan issues for URLs matching the - * specified literal prefix. - * - * @param urlPrefix This parameter can be used to specify a URL prefix, in - * order to extract a specific subset of scan issues. The method performs a - * simple case-sensitive text match, returning all scan issues whose URL - * begins with the specified prefix. If this parameter is null, all issues - * are returned. - * @return Details of the scan issues. - */ - IScanIssue[] getScanIssues(String urlPrefix); - - /** - * This method is used to generate a report for the specified Scanner - * issues. The report format can be specified. For all other reporting - * options, the default settings that appear in the reporting UI wizard are - * used. - * - * @param format The format to be used in the report. Accepted values are - * HTML and XML. - * @param issues The Scanner issues to be reported. - * @param file The file to which the report will be saved. - */ - void generateScanReport(String format, IScanIssue[] issues, - java.io.File file); - - /** - * This method is used to retrieve the contents of Burp's session handling - * cookie jar. 
Extensions that provide an - * ISessionHandlingAction can query and update the cookie jar - * in order to handle unusual session handling mechanisms. - * - * @return A list of ICookie objects representing the contents - * of Burp's session handling cookie jar. - */ - List getCookieJarContents(); - - /** - * This method is used to update the contents of Burp's session handling - * cookie jar. Extensions that provide an - * ISessionHandlingAction can query and update the cookie jar - * in order to handle unusual session handling mechanisms. - * - * @param cookie An ICookie object containing details of the - * cookie to be updated. If the cookie jar already contains a cookie that - * matches the specified domain and name, then that cookie will be updated - * with the new value and expiration, unless the new value is - * null, in which case the cookie will be removed. If the - * cookie jar does not already contain a cookie that matches the specified - * domain and name, then the cookie will be added. - */ - void updateCookieJar(ICookie cookie); - - /** - * This method can be used to add an item to Burp's site map with the - * specified request/response details. This will overwrite the details of - * any existing matching item in the site map. - * - * @param item Details of the item to be added to the site map - */ - void addToSiteMap(IHttpRequestResponse item); - - /** - * This method can be used to restore Burp's state from a specified saved - * state file. This method blocks until the restore operation is completed, - * and must not be called from the event dispatch thread. - * - * @param file The file containing Burp's saved state. - * @deprecated State files have been replaced with Burp project files. - */ - @Deprecated - void restoreState(java.io.File file); - - /** - * This method can be used to save Burp's state to a specified file. This - * method blocks until the save operation is completed, and must not be - * called from the event dispatch thread. 
- * - * @param file The file to save Burp's state in. - * @deprecated State files have been replaced with Burp project files. - */ - @Deprecated - void saveState(java.io.File file); - - /** - * This method is no longer supported. Please use saveConfigAsJson() instead. - * - * @return A Map of name/value Strings reflecting Burp's current - * configuration. - * @deprecated Use saveConfigAsJson() instead. - */ - @Deprecated - Map saveConfig(); - - /** - * This method is no longer supported. Please use loadConfigFromJson() instead. - * - * @param config A map of name/value Strings to use as Burp's new - * configuration. - * @deprecated Use loadConfigFromJson() instead. - */ - @Deprecated - void loadConfig(Map config); - - /** - * This method causes Burp to save its current project-level configuration - * in JSON format. This is the same format that can be saved and loaded via - * the Burp user interface. To include only certain sections of the - * configuration, you can optionally supply the path to each section that - * should be included, for example: "project_options.connections". If no - * paths are provided, then the entire configuration will be saved. - * - * @param configPaths A list of Strings representing the path to each - * configuration section that should be included. - * @return A String representing the current configuration in JSON format. - */ - String saveConfigAsJson(String... configPaths); - - /** - * This method causes Burp to load a new project-level configuration from - * the JSON String provided. This is the same format that can be saved and - * loaded via the Burp user interface. Partial configurations are - * acceptable, and any settings not specified will be left unmodified. - * - * Any user-level configuration options contained in the input will be - * ignored. - * - * @param config A JSON String containing the new configuration. 
- */ - void loadConfigFromJson(String config); - - /** - * This method sets the master interception mode for Burp Proxy. - * - * @param enabled Indicates whether interception of Proxy messages should be - * enabled. - */ - void setProxyInterceptionEnabled(boolean enabled); - - /** - * This method retrieves information about the version of Burp in which the - * extension is running. It can be used by extensions to dynamically adjust - * their behavior depending on the functionality and APIs supported by the - * current version. - * - * @return An array of Strings comprised of: the product name (e.g. Burp - * Suite Professional), the major version (e.g. 1.5), the minor version - * (e.g. 03) - */ - String[] getBurpVersion(); - - /** - * This method retrieves the absolute path name of the file from which the - * current extension was loaded. - * - * @return The absolute path name of the file from which the current - * extension was loaded. - */ - String getExtensionFilename(); - - /** - * This method determines whether the current extension was loaded as a BApp - * (a Burp App from the BApp Store). - * - * @return Returns true if the current extension was loaded as a BApp. - */ - boolean isExtensionBapp(); - - /** - * This method can be used to shut down Burp programmatically, with an - * optional prompt to the user. If the method returns, the user canceled the - * shutdown prompt. - * - * @param promptUser Indicates whether to prompt the user to confirm the - * shutdown. - */ - void exitSuite(boolean promptUser); - - /** - * This method is used to create a temporary file on disk containing the - * provided data. Extensions can use temporary files for long-term storage - * of runtime data, avoiding the need to retain that data in memory. - * - * @param buffer The data to be saved to a temporary file. - * @return An object that implements the ITempFile interface. 
- */ - ITempFile saveToTempFile(byte[] buffer); - - /** - * This method is used to save the request and response of an - * IHttpRequestResponse object to temporary files, so that they - * are no longer held in memory. Extensions can used this method to convert - * IHttpRequestResponse objects into a form suitable for - * long-term storage. - * - * @param httpRequestResponse The IHttpRequestResponse object - * whose request and response messages are to be saved to temporary files. - * @return An object that implements the - * IHttpRequestResponsePersisted interface. - */ - IHttpRequestResponsePersisted saveBuffersToTempFiles( - IHttpRequestResponse httpRequestResponse); - - /** - * This method is used to apply markers to an HTTP request or response, at - * offsets into the message that are relevant for some particular purpose. - * Markers are used in various situations, such as specifying Intruder - * payload positions, Scanner insertion points, and highlights in Scanner - * issues. - * - * @param httpRequestResponse The IHttpRequestResponse object - * to which the markers should be applied. - * @param requestMarkers A list of index pairs representing the offsets of - * markers to be applied to the request message. Each item in the list must - * be an int[2] array containing the start and end offsets for the marker. - * The markers in the list should be in sequence and not overlapping. This - * parameter is optional and may be null if no request markers - * are required. - * @param responseMarkers A list of index pairs representing the offsets of - * markers to be applied to the response message. Each item in the list must - * be an int[2] array containing the start and end offsets for the marker. - * The markers in the list should be in sequence and not overlapping. This - * parameter is optional and may be null if no response markers - * are required. - * @return An object that implements the - * IHttpRequestResponseWithMarkers interface. 
- */ - IHttpRequestResponseWithMarkers applyMarkers( - IHttpRequestResponse httpRequestResponse, - List requestMarkers, - List responseMarkers); - - /** - * This method is used to obtain the descriptive name for the Burp tool - * identified by the tool flag provided. - * - * @param toolFlag A flag identifying a Burp tool ( TOOL_PROXY, - * TOOL_SCANNER, etc.). Tool flags are defined within this - * interface. - * @return The descriptive name for the specified tool. - */ - String getToolName(int toolFlag); - - /** - * This method is used to register a new Scanner issue. Note: - * Wherever possible, extensions should implement custom Scanner checks - * using IScannerCheck and report issues via those checks, so - * as to integrate with Burp's user-driven workflow, and ensure proper - * consolidation of duplicate reported issues. This method is only designed - * for tasks outside of the normal testing workflow, such as importing - * results from other scanning tools. - * - * @param issue An object created by the extension that implements the - * IScanIssue interface. - */ - void addScanIssue(IScanIssue issue); - - /** - * This method is used to create a new Burp Collaborator client context, - * which can be used to generate Burp Collaborator payloads and poll the - * Collaborator server for any network interactions that result from using - * those payloads. - * - * @return A new instance of IBurpCollaboratorClientContext - * that can be used to generate Collaborator payloads and retrieve - * interactions. - */ - IBurpCollaboratorClientContext createBurpCollaboratorClientContext(); - - /** - * This method parses the specified request and returns details of each - * request parameter. - * - * @param request The request to be parsed. - * @return An array of: String[] { name, value, type } - * containing details of the parameters contained within the request. - * @deprecated Use IExtensionHelpers.analyzeRequest() instead. 
- */ - @Deprecated - String[][] getParameters(byte[] request); - - /** - * This method parses the specified request and returns details of each HTTP - * header. - * - * @param message The request to be parsed. - * @return An array of HTTP headers. - * @deprecated Use IExtensionHelpers.analyzeRequest() or - * IExtensionHelpers.analyzeResponse() instead. - */ - @Deprecated - String[] getHeaders(byte[] message); - - /** - * This method can be used to register a new menu item which will appear on - * the various context menus that are used throughout Burp Suite to handle - * user-driven actions. - * - * @param menuItemCaption The caption to be displayed on the menu item. - * @param menuItemHandler The handler to be invoked when the user clicks on - * the menu item. - * @deprecated Use registerContextMenuFactory() instead. - */ - @Deprecated - void registerMenuItem( - String menuItemCaption, - IMenuItemHandler menuItemHandler); -} diff --git a/src/burp/IContextMenuFactory.java b/src/burp/IContextMenuFactory.java deleted file mode 100644 index 4df82fd..0000000 --- a/src/burp/IContextMenuFactory.java +++ /dev/null 
@@ -1,39 +0,0 @@
-package burp;
-
-/*
- * @(#)IContextMenuFactory.java
- *
- * Copyright PortSwigger Ltd. All rights reserved.
- *
- * This code may be used to extend the functionality of Burp Suite Community Edition
- * and Burp Suite Professional, provided that this usage does not violate the
- * license terms for those products.
- */
-
-import javax.swing.*;
-import java.util.List;
-
-/**
- * Extensions can implement this interface and then call
- * IBurpExtenderCallbacks.registerContextMenuFactory() to register
- * a factory for custom context menu items.
- */
-public interface IContextMenuFactory
-{
- /**
- * This method will be called by Burp when the user invokes a context menu
- * anywhere within Burp. The factory can then provide any custom context
- * menu items that should be displayed in the context menu, based on the
- * details of the menu invocation.
- *
- * @param invocation An object that implements the
- * IContextMenuInvocation interface, which the extension can
- * query to obtain details of the context menu invocation.
- * @return A list of custom menu items (which may include sub-menus,
- * checkbox menu items, etc.) that should be displayed. Extensions may
- * return
- * null from this method, to indicate that no menu items are
- * required.
- */
- List createMenuItems(IContextMenuInvocation invocation);
-}
diff --git a/src/burp/IContextMenuInvocation.java b/src/burp/IContextMenuInvocation.java
deleted file mode 100644
index 032d107..0000000
--- a/src/burp/IContextMenuInvocation.java
+++ /dev/null
@@ -1,156 +0,0 @@
-package burp;
-
-/*
- * @(#)IContextMenuInvocation.java
- *
- * Copyright PortSwigger Ltd. All rights reserved.
- *
- * This code may be used to extend the functionality of Burp Suite Community Edition
- * and Burp Suite Professional, provided that this usage does not violate the
- * license terms for those products.
- */
-import java.awt.event.InputEvent;
-
-/**
- * This interface is used when Burp calls into an extension-provided
- * IContextMenuFactory with details of a context menu invocation.
- * The custom context menu factory can query this interface to obtain details of
- * the invocation event, in order to determine what menu items should be
- * displayed.
- */
-public interface IContextMenuInvocation
-{
- /**
- * Used to indicate that the context menu is being invoked in a request
- * editor.
- */
- static final byte CONTEXT_MESSAGE_EDITOR_REQUEST = 0;
- /**
- * Used to indicate that the context menu is being invoked in a response
- * editor.
- */
- static final byte CONTEXT_MESSAGE_EDITOR_RESPONSE = 1;
- /**
- * Used to indicate that the context menu is being invoked in a non-editable
- * request viewer.
- */
- static final byte CONTEXT_MESSAGE_VIEWER_REQUEST = 2;
- /**
- * Used to indicate that the context menu is being invoked in a non-editable
- * response viewer.
- */
- static final byte CONTEXT_MESSAGE_VIEWER_RESPONSE = 3;
- /**
- * Used to indicate that the context menu is being invoked in the Target
- * site map tree.
- */
- static final byte CONTEXT_TARGET_SITE_MAP_TREE = 4;
- /**
- * Used to indicate that the context menu is being invoked in the Target
- * site map table.
- */
- static final byte CONTEXT_TARGET_SITE_MAP_TABLE = 5;
- /**
- * Used to indicate that the context menu is being invoked in the Proxy
- * history.
- */
- static final byte CONTEXT_PROXY_HISTORY = 6;
- /**
- * Used to indicate that the context menu is being invoked in the Scanner
- * results.
- */
- static final byte CONTEXT_SCANNER_RESULTS = 7;
- /**
- * Used to indicate that the context menu is being invoked in the Intruder
- * payload positions editor.
- */
- static final byte CONTEXT_INTRUDER_PAYLOAD_POSITIONS = 8;
- /**
- * Used to indicate that the context menu is being invoked in an Intruder
- * attack results.
- */
- static final byte CONTEXT_INTRUDER_ATTACK_RESULTS = 9;
- /**
- * Used to indicate that the context menu is being invoked in a search
- * results window.
- */
- static final byte CONTEXT_SEARCH_RESULTS = 10;
-
- /**
- * This method can be used to retrieve the native Java input event that was
- * the trigger for the context menu invocation.
- *
- * @return The InputEvent that was the trigger for the context
- * menu invocation.
- */
- InputEvent getInputEvent();
-
- /**
- * This method can be used to retrieve the Burp tool within which the
- * context menu was invoked.
- *
- * @return A flag indicating the Burp tool within which the context menu was
- * invoked. Burp tool flags are defined in the
- * IBurpExtenderCallbacks interface.
- */
- int getToolFlag();
-
- /**
- * This method can be used to retrieve the context within which the menu was
- * invoked.
- *
- * @return An index indicating the context within which the menu was
- * invoked. The indices used are defined within this interface.
- */
- byte getInvocationContext();
-
- /**
- * This method can be used to retrieve the bounds of the user's selection
- * into the current message, if applicable.
- *
- * @return An int[2] array containing the start and end offsets of the
- * user's selection in the current message. If the user has not made any
- * selection in the current message, both offsets indicate the position of
- * the caret within the editor. If the menu is not being invoked from a
- * message editor, the method returns null.
- */
- int[] getSelectionBounds();
-
- /**
- * This method can be used to retrieve details of the HTTP requests /
- * responses that were shown or selected by the user when the context menu
- * was invoked.
- *
- * Note: For performance reasons, the objects returned from this
- * method are tied to the originating context of the messages within the
- * Burp UI. For example, if a context menu is invoked on the Proxy intercept
- * panel, then the
- * IHttpRequestResponse returned by this method will reflect
- * the current contents of the interception panel, and this will change when
- * the current message has been forwarded or dropped. If your extension
- * needs to store details of the message for which the context menu has been
- * invoked, then you should query those details from the
- * IHttpRequestResponse at the time of invocation, or you
- * should use
- * IBurpExtenderCallbacks.saveBuffersToTempFiles() to create a
- * persistent read-only copy of the
- * IHttpRequestResponse.
- *
- * @return An array of IHttpRequestResponse objects
- * representing the items that were shown or selected by the user when the
- * context menu was invoked. This method returns null if no
- * messages are applicable to the invocation.
- */
- IHttpRequestResponse[] getSelectedMessages();
-
- /**
- * This method can be used to retrieve details of the Scanner issues that
- * were selected by the user when the context menu was invoked.
- *
- * @return An array of IScanIssue objects representing the
- * issues that were selected by the user when the context menu was invoked.
- * This method returns null if no Scanner issues are applicable
- * to the invocation.
- */
- IScanIssue[] getSelectedIssues();
-}
diff --git a/src/burp/ICookie.java b/src/burp/ICookie.java
deleted file mode 100644
index 8c3aaa1..0000000
--- a/src/burp/ICookie.java
+++ /dev/null
@@ -1,61 +0,0 @@
-package burp;
-
-/*
- * @(#)ICookie.java
- *
- * Copyright PortSwigger Ltd. All rights reserved.
- *
- * This code may be used to extend the functionality of Burp Suite Community Edition
- * and Burp Suite Professional, provided that this usage does not violate the
- * license terms for those products.
- */
-import java.util.Date;
-
-/**
- * This interface is used to hold details about an HTTP cookie.
- */
-public interface ICookie
-{
- /**
- * This method is used to retrieve the domain for which the cookie is in
- * scope.
- *
- * @return The domain for which the cookie is in scope. Note: For
- * cookies that have been analyzed from responses (by calling
- * IExtensionHelpers.analyzeResponse() and then
- * IResponseInfo.getCookies(), the domain will be
- * null if the response did not explicitly set a domain
- * attribute for the cookie.
- */
- String getDomain();
-
- /**
- * This method is used to retrieve the path for which the cookie is in
- * scope.
- *
- * @return The path for which the cookie is in scope or null if none is set.
- */
- String getPath();
-
- /**
- * This method is used to retrieve the expiration time for the cookie.
- *
- * @return The expiration time for the cookie, or
- * null if none is set (i.e., for non-persistent session
- * cookies).
- */
- Date getExpiration();
-
- /**
- * This method is used to retrieve the name of the cookie.
- *
- * @return The name of the cookie.
- */
- String getName();
-
- /**
- * This method is used to retrieve the value of the cookie.
- * @return The value of the cookie.
- */
- String getValue();
-}
diff --git a/src/burp/IExtensionHelpers.java b/src/burp/IExtensionHelpers.java
deleted file mode 100644
index 49beb97..0000000
--- a/src/burp/IExtensionHelpers.java
+++ /dev/null
@@ -1,356 +0,0 @@ -package burp; - -/* - * @(#)IExtensionHelpers.java - * - * Copyright PortSwigger Ltd. All rights reserved. - * - * This code may be used to extend the functionality of Burp Suite Community Edition - * and Burp Suite Professional, provided that this usage does not violate the - * license terms for those products. - */ -import java.net.URL; -import java.util.List; - -/** - * This interface contains a number of helper methods, which extensions can use - * to assist with various common tasks that arise for Burp extensions. - * - * Extensions can call IBurpExtenderCallbacks.getHelpers to obtain - * an instance of this interface. - */ -public interface IExtensionHelpers -{ - - /** - * This method can be used to analyze an HTTP request, and obtain various - * key details about it. - * - * @param request An IHttpRequestResponse object containing the - * request to be analyzed. - * @return An IRequestInfo object that can be queried to obtain - * details about the request. - */ - IRequestInfo analyzeRequest(IHttpRequestResponse request); - - /** - * This method can be used to analyze an HTTP request, and obtain various - * key details about it. - * - * @param httpService The HTTP service associated with the request. This is - * optional and may be null, in which case the resulting - * IRequestInfo object will not include the full request URL. - * @param request The request to be analyzed. - * @return An IRequestInfo object that can be queried to obtain - * details about the request. - */ - IRequestInfo analyzeRequest(IHttpService httpService, byte[] request); - - /** - * This method can be used to analyze an HTTP request, and obtain various - * key details about it. The resulting IRequestInfo object will - * not include the full request URL. To obtain the full URL, use one of the - * other overloaded analyzeRequest() methods. - * - * @param request The request to be analyzed. 
- * @return An IRequestInfo object that can be queried to obtain - * details about the request. - */ - IRequestInfo analyzeRequest(byte[] request); - - /** - * This method can be used to analyze an HTTP response, and obtain various - * key details about it. - * - * @param response The response to be analyzed. - * @return An IResponseInfo object that can be queried to - * obtain details about the response. - */ - IResponseInfo analyzeResponse(byte[] response); - - /** - * This method can be used to retrieve details of a specified parameter - * within an HTTP request. Note: Use analyzeRequest() to - * obtain details of all parameters within the request. - * - * @param request The request to be inspected for the specified parameter. - * @param parameterName The name of the parameter to retrieve. - * @return An IParameter object that can be queried to obtain - * details about the parameter, or null if the parameter was - * not found. - */ - IParameter getRequestParameter(byte[] request, String parameterName); - - /** - * This method can be used to URL-decode the specified data. - * - * @param data The data to be decoded. - * @return The decoded data. - */ - String urlDecode(String data); - - /** - * This method can be used to URL-encode the specified data. Any characters - * that do not need to be encoded within HTTP requests are not encoded. - * - * @param data The data to be encoded. - * @return The encoded data. - */ - String urlEncode(String data); - - /** - * This method can be used to URL-decode the specified data. - * - * @param data The data to be decoded. - * @return The decoded data. - */ - byte[] urlDecode(byte[] data); - - /** - * This method can be used to URL-encode the specified data. Any characters - * that do not need to be encoded within HTTP requests are not encoded. - * - * @param data The data to be encoded. - * @return The encoded data. - */ - byte[] urlEncode(byte[] data); - - /** - * This method can be used to Base64-decode the specified data. 
- * - * @param data The data to be decoded. - * @return The decoded data. - */ - byte[] base64Decode(String data); - - /** - * This method can be used to Base64-decode the specified data. - * - * @param data The data to be decoded. - * @return The decoded data. - */ - byte[] base64Decode(byte[] data); - - /** - * This method can be used to Base64-encode the specified data. - * - * @param data The data to be encoded. - * @return The encoded data. - */ - String base64Encode(String data); - - /** - * This method can be used to Base64-encode the specified data. - * - * @param data The data to be encoded. - * @return The encoded data. - */ - String base64Encode(byte[] data); - - /** - * This method can be used to convert data from String form into an array of - * bytes. The conversion does not reflect any particular character set, and - * a character with the hex representation 0xWXYZ will always be converted - * into a byte with the representation 0xYZ. It performs the opposite - * conversion to the method bytesToString(), and byte-based - * data that is converted to a String and back again using these two methods - * is guaranteed to retain its integrity (which may not be the case with - * conversions that reflect a given character set). - * - * @param data The data to be converted. - * @return The converted data. - */ - byte[] stringToBytes(String data); - - /** - * This method can be used to convert data from an array of bytes into - * String form. The conversion does not reflect any particular character - * set, and a byte with the representation 0xYZ will always be converted - * into a character with the hex representation 0x00YZ. It performs the - * opposite conversion to the method stringToBytes(), and - * byte-based data that is converted to a String and back again using these - * two methods is guaranteed to retain its integrity (which may not be the - * case with conversions that reflect a given character set). - * - * @param data The data to be converted. 
- * @return The converted data. - */ - String bytesToString(byte[] data); - - /** - * This method searches a piece of data for the first occurrence of a - * specified pattern. It works on byte-based data in a way that is similar - * to the way the native Java method String.indexOf() works on - * String-based data. - * - * @param data The data to be searched. - * @param pattern The pattern to be searched for. - * @param caseSensitive Flags whether or not the search is case-sensitive. - * @param from The offset within data where the search should - * begin. - * @param to The offset within data where the search should - * end. - * @return The offset of the first occurrence of the pattern within the - * specified bounds, or -1 if no match is found. - */ - int indexOf(byte[] data, - byte[] pattern, - boolean caseSensitive, - int from, - int to); - - /** - * This method builds an HTTP message containing the specified headers and - * message body. If applicable, the Content-Length header will be added or - * updated, based on the length of the body. - * - * @param headers A list of headers to include in the message. - * @param body The body of the message, of null if the message - * has an empty body. - * @return The resulting full HTTP message. - */ - byte[] buildHttpMessage(List headers, byte[] body); - - /** - * This method creates a GET request to the specified URL. The headers used - * in the request are determined by the Request headers settings as - * configured in Burp Spider's options. - * - * @param url The URL to which the request should be made. - * @return A request to the specified URL. - */ - byte[] buildHttpRequest(URL url); - - /** - * This method adds a new parameter to an HTTP request, and if appropriate - * updates the Content-Length header. - * - * @param request The request to which the parameter should be added. - * @param parameter An IParameter object containing details of - * the parameter to be added. 
Supported parameter types are: - * PARAM_URL, PARAM_BODY and - * PARAM_COOKIE. - * @return A new HTTP request with the new parameter added. - */ - byte[] addParameter(byte[] request, IParameter parameter); - - /** - * This method removes a parameter from an HTTP request, and if appropriate - * updates the Content-Length header. - * - * @param request The request from which the parameter should be removed. - * @param parameter An IParameter object containing details of - * the parameter to be removed. Supported parameter types are: - * PARAM_URL, PARAM_BODY and - * PARAM_COOKIE. - * @return A new HTTP request with the parameter removed. - */ - byte[] removeParameter(byte[] request, IParameter parameter); - - /** - * This method updates the value of a parameter within an HTTP request, and - * if appropriate updates the Content-Length header. Note: This - * method can only be used to update the value of an existing parameter of a - * specified type. If you need to change the type of an existing parameter, - * you should first call removeParameter() to remove the - * parameter with the old type, and then call addParameter() to - * add a parameter with the new type. - * - * @param request The request containing the parameter to be updated. - * @param parameter An IParameter object containing details of - * the parameter to be updated. Supported parameter types are: - * PARAM_URL, PARAM_BODY and - * PARAM_COOKIE. - * @return A new HTTP request with the parameter updated. - */ - byte[] updateParameter(byte[] request, IParameter parameter); - - /** - * This method can be used to toggle a request's method between GET and - * POST. Parameters are relocated between the URL query string and message - * body as required, and the Content-Length header is created or removed as - * applicable. - * - * @param request The HTTP request whose method should be toggled. - * @return A new HTTP request using the toggled method. 
- */ - byte[] toggleRequestMethod(byte[] request); - - /** - * This method constructs an IHttpService object based on the - * details provided. - * - * @param host The HTTP service host. - * @param port The HTTP service port. - * @param protocol The HTTP service protocol. - * @return An IHttpService object based on the details - * provided. - */ - IHttpService buildHttpService(String host, int port, String protocol); - - /** - * This method constructs an IHttpService object based on the - * details provided. - * - * @param host The HTTP service host. - * @param port The HTTP service port. - * @param useHttps Flags whether the HTTP service protocol is HTTPS or HTTP. - * @return An IHttpService object based on the details - * provided. - */ - IHttpService buildHttpService(String host, int port, boolean useHttps); - - /** - * This method constructs an IParameter object based on the - * details provided. - * - * @param name The parameter name. - * @param value The parameter value. - * @param type The parameter type, as defined in the IParameter - * interface. - * @return An IParameter object based on the details provided. - */ - IParameter buildParameter(String name, String value, byte type); - - /** - * This method constructs an IScannerInsertionPoint object - * based on the details provided. It can be used to quickly create a simple - * insertion point based on a fixed payload location within a base request. - * - * @param insertionPointName The name of the insertion point. - * @param baseRequest The request from which to build scan requests. - * @param from The offset of the start of the payload location. - * @param to The offset of the end of the payload location. - * @return An IScannerInsertionPoint object based on the - * details provided. 
- */ - IScannerInsertionPoint makeScannerInsertionPoint( - String insertionPointName, - byte[] baseRequest, - int from, - int to); - - /** - * This method analyzes one or more responses to identify variations in a - * number of attributes and returns an IResponseVariations - * object that can be queried to obtain details of the variations. - * - * @param responses The responses to analyze. - * @return An IResponseVariations object representing the - * variations in the responses. - */ - IResponseVariations analyzeResponseVariations(byte[]... responses); - - /** - * This method analyzes one or more responses to identify the number of - * occurrences of the specified keywords and returns an - * IResponseKeywords object that can be queried to obtain - * details of the number of occurrences of each keyword. - * - * @param keywords The keywords to look for. - * @param responses The responses to analyze. - * @return An IResponseKeywords object representing the counts - * of the keywords appearing in the responses. - */ - IResponseKeywords analyzeResponseKeywords(List keywords, byte[]... responses); -} diff --git a/src/burp/IExtensionStateListener.java b/src/burp/IExtensionStateListener.java deleted file mode 100644 index dad60ee..0000000 --- a/src/burp/IExtensionStateListener.java +++ /dev/null 
@@ -1,27 +0,0 @@
-package burp;
-
-/*
- * @(#)IExtensionStateListener.java
- *
- * Copyright PortSwigger Ltd. All rights reserved.
- *
- * This code may be used to extend the functionality of Burp Suite Community Edition
- * and Burp Suite Professional, provided that this usage does not violate the
- * license terms for those products.
- */
-/**
- * Extensions can implement this interface and then call
- * IBurpExtenderCallbacks.registerExtensionStateListener() to
- * register an extension state listener. The listener will be notified of
- * changes to the extension's state. Note: Any extensions that start
- * background threads or open system resources (such as files or database
- * connections) should register a listener and terminate threads / close
- * resources when the extension is unloaded.
- */
-public interface IExtensionStateListener
-{
- /**
- * This method is called when the extension is unloaded.
- */
- void extensionUnloaded();
-}
diff --git a/src/burp/IHttpListener.java b/src/burp/IHttpListener.java
deleted file mode 100644
index b781c12..0000000
--- a/src/burp/IHttpListener.java
+++ /dev/null
@@ -1,37 +0,0 @@
-package burp;
-
-/*
- * @(#)IHttpListener.java
- *
- * Copyright PortSwigger Ltd. All rights reserved.
- *
- * This code may be used to extend the functionality of Burp Suite Community Edition
- * and Burp Suite Professional, provided that this usage does not violate the
- * license terms for those products.
- */
-/**
- * Extensions can implement this interface and then call
- * IBurpExtenderCallbacks.registerHttpListener() to register an
- * HTTP listener. The listener will be notified of requests and responses made
- * by any Burp tool. Extensions can perform custom analysis or modification of
- * these messages by registering an HTTP listener.
- */
-public interface IHttpListener
-{
- /**
- * This method is invoked when an HTTP request is about to be issued, and
- * when an HTTP response has been received.
- *
- * @param toolFlag A flag indicating the Burp tool that issued the request.
- * Burp tool flags are defined in the
- * IBurpExtenderCallbacks interface.
- * @param messageIsRequest Flags whether the method is being invoked for a
- * request or response.
- * @param messageInfo Details of the request / response to be processed.
- * Extensions can call the setter methods on this object to update the
- * current message and so modify Burp's behavior.
- */
- void processHttpMessage(int toolFlag,
- boolean messageIsRequest,
- IHttpRequestResponse messageInfo);
-}
diff --git a/src/burp/IHttpRequestResponse.java b/src/burp/IHttpRequestResponse.java
deleted file mode 100644
index 7a239de..0000000
--- a/src/burp/IHttpRequestResponse.java
+++ /dev/null
@@ -1,102 +0,0 @@
-package burp;
-
-/*
- * @(#)IHttpRequestResponse.java
- *
- * Copyright PortSwigger Ltd. All rights reserved.
- *
- * This code may be used to extend the functionality of Burp Suite Community Edition
- * and Burp Suite Professional, provided that this usage does not violate the
- * license terms for those products.
- */
-/**
- * This interface is used to retrieve and update details about HTTP messages.
- *
- * Note: The setter methods generally can only be used before the message
- * has been processed, and not in read-only contexts. The getter methods
- * relating to response details can only be used after the request has been
- * issued.
- */
-public interface IHttpRequestResponse
-{
- /**
- * This method is used to retrieve the request message.
- *
- * @return The request message.
- */
- byte[] getRequest();
-
- /**
- * This method is used to update the request message.
- *
- * @param message The new request message.
- */
- void setRequest(byte[] message);
-
- /**
- * This method is used to retrieve the response message.
- *
- * @return The response message.
- */
- byte[] getResponse();
-
- /**
- * This method is used to update the response message.
- *
- * @param message The new response message.
- */
- void setResponse(byte[] message);
-
- /**
- * This method is used to retrieve the user-annotated comment for this item,
- * if applicable.
- *
- * @return The user-annotated comment for this item, or null if none is set.
- */
- String getComment();
-
- /**
- * This method is used to update the user-annotated comment for this item.
- *
- * @param comment The comment to be assigned to this item.
- */
- void setComment(String comment);
-
- /**
- * This method is used to retrieve the user-annotated highlight for this
- * item, if applicable.
- *
- * @return The user-annotated highlight for this item, or null if none is
- * set.
- */
- String getHighlight();
-
- /**
- * This method is used to update the user-annotated highlight for this item.
- *
- * @param color The highlight color to be assigned to this item. Accepted
- * values are: red, orange, yellow, green, cyan, blue, pink, magenta, gray,
- * or a null String to clear any existing highlight.
- */
- void setHighlight(String color);
-
- /**
- * This method is used to retrieve the HTTP service for this request /
- * response.
- *
- * @return An
- * IHttpService object containing details of the HTTP service.
- */
- IHttpService getHttpService();
-
- /**
- * This method is used to update the HTTP service for this request /
- * response.
- *
- * @param httpService An
- * IHttpService object containing details of the new HTTP
- * service.
- */
- void setHttpService(IHttpService httpService);
-
-}
diff --git a/src/burp/IHttpRequestResponsePersisted.java b/src/burp/IHttpRequestResponsePersisted.java
deleted file mode 100644
index 6ba9f6f..0000000
--- a/src/burp/IHttpRequestResponsePersisted.java
+++ /dev/null
@@ -1,25 +0,0 @@
-package burp;
-
-/*
- * @(#)IHttpRequestResponsePersisted.java
- *
- * Copyright PortSwigger Ltd. All rights reserved.
- *
- * This code may be used to extend the functionality of Burp Suite Community Edition
- * and Burp Suite Professional, provided that this usage does not violate the
- * license terms for those products.
- */
-/**
- * This interface is used for an
- * IHttpRequestResponse object whose request and response messages
- * have been saved to temporary files using
- * IBurpExtenderCallbacks.saveBuffersToTempFiles().
- */
-public interface IHttpRequestResponsePersisted extends IHttpRequestResponse
-{
- /**
- * This method is deprecated and no longer performs any action.
- */
- @Deprecated
- void deleteTempFiles();
-}
diff --git a/src/burp/IHttpRequestResponseWithMarkers.java b/src/burp/IHttpRequestResponseWithMarkers.java
deleted file mode 100644
index de06e9b..0000000
--- a/src/burp/IHttpRequestResponseWithMarkers.java
+++ /dev/null
@@ -1,44 +0,0 @@
-package burp;
-
-/*
- * @(#)IHttpRequestResponseWithMarkers.java
- *
- * Copyright PortSwigger Ltd. All rights reserved.
- *
- * This code may be used to extend the functionality of Burp Suite Community Edition
- * and Burp Suite Professional, provided that this usage does not violate the
- * license terms for those products.
- */
-import java.util.List;
-
-/**
- * This interface is used for an
- * IHttpRequestResponse object that has had markers applied.
- * Extensions can create instances of this interface using
- * IBurpExtenderCallbacks.applyMarkers(), or provide their own
- * implementation. Markers are used in various situations, such as specifying
- * Intruder payload positions, Scanner insertion points, and highlights in
- * Scanner issues.
- */
-public interface IHttpRequestResponseWithMarkers extends IHttpRequestResponse
-{
- /**
- * This method returns the details of the request markers.
- *
- * @return A list of index pairs representing the offsets of markers for the
- * request message. Each item in the list is an int[2] array containing the
- * start and end offsets for the marker. The method may return
- * null if no request markers are defined.
- */
- List getRequestMarkers();
-
- /**
- * This method returns the details of the response markers.
- *
- * @return A list of index pairs representing the offsets of markers for the
- * response message. Each item in the list is an int[2] array containing the
- * start and end offsets for the marker. The method may return
- * null if no response markers are defined.
- */
- List getResponseMarkers();
-}
diff --git a/src/burp/IHttpService.java b/src/burp/IHttpService.java
deleted file mode 100644
index d137838..0000000
--- a/src/burp/IHttpService.java
+++ /dev/null
@@ -1,39 +0,0 @@
-package burp;
-
-/*
- * @(#)IHttpService.java
- *
- * Copyright PortSwigger Ltd. All rights reserved.
- *
- * This code may be used to extend the functionality of Burp Suite Community Edition
- * and Burp Suite Professional, provided that this usage does not violate the
- * license terms for those products.
- */
-/**
- * This interface is used to provide details about an HTTP service, to which
- * HTTP requests can be sent.
- */
-public interface IHttpService
-{
- /**
- * This method returns the hostname or IP address for the service.
- *
- * @return The hostname or IP address for the service.
- */
- String getHost();
-
- /**
- * This method returns the port number for the service.
- *
- * @return The port number for the service.
- */
- int getPort();
-
- /**
- * This method returns the protocol for the service.
- *
- * @return The protocol for the service. Expected values are "http" or
- * "https".
- */
- String getProtocol();
-}
diff --git a/src/burp/IInterceptedProxyMessage.java b/src/burp/IInterceptedProxyMessage.java
deleted file mode 100644
index cead7f4..0000000
--- a/src/burp/IInterceptedProxyMessage.java
+++ /dev/null
@@ -1,116 +0,0 @@
-package burp;
-
-/*
- * @(#)IInterceptedProxyMessage.java
- *
- * Copyright PortSwigger Ltd. All rights reserved.
- *
- * This code may be used to extend the functionality of Burp Suite Community Edition
- * and Burp Suite Professional, provided that this usage does not violate the
- * license terms for those products.
- */
-import java.net.InetAddress;
-
-/**
- * This interface is used to represent an HTTP message that has been intercepted
- * by Burp Proxy. Extensions can register an
- * IProxyListener to receive details of proxy messages using this
- * interface. *
- */
-public interface IInterceptedProxyMessage
-{
- /**
- * This action causes Burp Proxy to follow the current interception rules to
- * determine the appropriate action to take for the message.
- */
- int ACTION_FOLLOW_RULES = 0;
- /**
- * This action causes Burp Proxy to present the message to the user for
- * manual review or modification.
- */
- int ACTION_DO_INTERCEPT = 1;
- /**
- * This action causes Burp Proxy to forward the message to the remote server
- * or client, without presenting it to the user.
- */
- int ACTION_DONT_INTERCEPT = 2;
- /**
- * This action causes Burp Proxy to drop the message.
- */
- int ACTION_DROP = 3;
- /**
- * This action causes Burp Proxy to follow the current interception rules to
- * determine the appropriate action to take for the message, and then make a
- * second call to processProxyMessage.
- */
- int ACTION_FOLLOW_RULES_AND_REHOOK = 0x10;
- /**
- * This action causes Burp Proxy to present the message to the user for
- * manual review or modification, and then make a second call to
- * processProxyMessage.
- */
- int ACTION_DO_INTERCEPT_AND_REHOOK = 0x11;
- /**
- * This action causes Burp Proxy to skip user interception, and then make a
- * second call to processProxyMessage.
- */
- int ACTION_DONT_INTERCEPT_AND_REHOOK = 0x12;
-
- /**
- * This method retrieves a unique reference number for this
- * request/response.
- * - * @return An identifier that is unique to a single request/response pair. - * Extensions can use this to correlate details of requests and responses - * and perform processing on the response message accordingly. - */ - int getMessageReference(); - - /** - * This method retrieves details of the intercepted message. - * - * @return An IHttpRequestResponse object containing details of - * the intercepted message. - */ - IHttpRequestResponse getMessageInfo(); - - /** - * This method retrieves the currently defined interception action. The - * default action is - * ACTION_FOLLOW_RULES. If multiple proxy listeners are - * registered, then other listeners may already have modified the - * interception action before it reaches the current listener. This method - * can be used to determine whether this has occurred. - * - * @return The currently defined interception action. Possible values are - * defined within this interface. - */ - int getInterceptAction(); - - /** - * This method is used to update the interception action. - * - * @param interceptAction The new interception action. Possible values are - * defined within this interface. - */ - void setInterceptAction(int interceptAction); - - /** - * This method retrieves the name of the Burp Proxy listener that is - * processing the intercepted message. - * - * @return The name of the Burp Proxy listener that is processing the - * intercepted message. The format is the same as that shown in the Proxy - * Listeners UI - for example, "127.0.0.1:8080". - */ - String getListenerInterface(); - - /** - * This method retrieves the client IP address from which the request for - * the intercepted message was received. - * - * @return The client IP address from which the request for the intercepted - * message was received. - */ - InetAddress getClientIpAddress(); -} diff --git a/src/burp/IIntruderAttack.java b/src/burp/IIntruderAttack.java deleted file mode 100644 index 8aa6b6b..0000000 
--- a/src/burp/IIntruderAttack.java
+++ /dev/null
@@ -1,31 +0,0 @@
-package burp;
-
-/*
- * @(#)IIntruderAttack.java
- *
- * Copyright PortSwigger Ltd. All rights reserved.
- *
- * This code may be used to extend the functionality of Burp Suite Community Edition
- * and Burp Suite Professional, provided that this usage does not violate the
- * license terms for those products.
- */
-/**
- * This interface is used to hold details about an Intruder attack.
- */
-public interface IIntruderAttack
-{
- /**
- * This method is used to retrieve the HTTP service for the attack.
- *
- * @return The HTTP service for the attack.
- */
- IHttpService getHttpService();
-
- /**
- * This method is used to retrieve the request template for the attack.
- *
- * @return The request template for the attack.
- */
- byte[] getRequestTemplate();
-
-}
diff --git a/src/burp/IIntruderPayloadGenerator.java b/src/burp/IIntruderPayloadGenerator.java
deleted file mode 100644
index 7458620..0000000
--- a/src/burp/IIntruderPayloadGenerator.java
+++ /dev/null
@@ -1,50 +0,0 @@
-package burp;
-
-/*
- * @(#)IIntruderPayloadGenerator.java
- *
- * Copyright PortSwigger Ltd. All rights reserved.
- *
- * This code may be used to extend the functionality of Burp Suite Community Edition
- * and Burp Suite Professional, provided that this usage does not violate the
- * license terms for those products.
- */
-/**
- * This interface is used for custom Intruder payload generators. Extensions
- * that have registered an
- * IIntruderPayloadGeneratorFactory must return a new instance of
- * this interface when required as part of a new Intruder attack.
- */
-public interface IIntruderPayloadGenerator
-{
- /**
- * This method is used by Burp to determine whether the payload generator is
- * able to provide any further payloads.
- *
- * @return Extensions should return
- * false when all the available payloads have been used up,
- * otherwise
- * true.
- */
- boolean hasMorePayloads();
-
- /**
- * This method is used by Burp to obtain the value of the next payload.
- *
- * @param baseValue The base value of the current payload position. This
- * value may be
- * null if the concept of a base value is not applicable (e.g.
- * in a battering ram attack).
- * @return The next payload to use in the attack.
- */
- byte[] getNextPayload(byte[] baseValue);
-
- /**
- * This method is used by Burp to reset the state of the payload generator
- * so that the next call to
- * getNextPayload() returns the first payload again. This
- * method will be invoked when an attack uses the same payload generator for
- * more than one payload position, for example in a sniper attack.
- */
- void reset();
-}
diff --git a/src/burp/IIntruderPayloadGeneratorFactory.java b/src/burp/IIntruderPayloadGeneratorFactory.java
deleted file mode 100644
index b0ef9f0..0000000
--- a/src/burp/IIntruderPayloadGeneratorFactory.java
+++ /dev/null
@@ -1,40 +0,0 @@
-package burp;
-
-/*
- * @(#)IIntruderPayloadGeneratorFactory.java
- *
- * Copyright PortSwigger Ltd. All rights reserved.
- *
- * This code may be used to extend the functionality of Burp Suite Community Edition
- * and Burp Suite Professional, provided that this usage does not violate the
- * license terms for those products.
- */
-/**
- * Extensions can implement this interface and then call
- * IBurpExtenderCallbacks.registerIntruderPayloadGeneratorFactory()
- * to register a factory for custom Intruder payloads.
- */
-public interface IIntruderPayloadGeneratorFactory
-{
- /**
- * This method is used by Burp to obtain the name of the payload generator.
- * This will be displayed as an option within the Intruder UI when the user
- * selects to use extension-generated payloads.
- *
- * @return The name of the payload generator.
- */
- String getGeneratorName();
-
- /**
- * This method is used by Burp when the user starts an Intruder attack that
- * uses this payload generator.
- *
- * @param attack An
- * IIntruderAttack object that can be queried to obtain details
- * about the attack in which the payload generator will be used.
- * @return A new instance of
- * IIntruderPayloadGenerator that will be used to generate
- * payloads for the attack.
- */
- IIntruderPayloadGenerator createNewInstance(IIntruderAttack attack);
-}
diff --git a/src/burp/IIntruderPayloadProcessor.java b/src/burp/IIntruderPayloadProcessor.java
deleted file mode 100644
index bf993c9..0000000
--- a/src/burp/IIntruderPayloadProcessor.java
+++ /dev/null
@@ -1,45 +0,0 @@
-package burp;
-
-/*
- * @(#)IIntruderPayloadProcessor.java
- *
- * Copyright PortSwigger Ltd. All rights reserved.
- *
- * This code may be used to extend the functionality of Burp Suite Community Edition
- * and Burp Suite Professional, provided that this usage does not violate the
- * license terms for those products.
- */
-/**
- * Extensions can implement this interface and then call
- * IBurpExtenderCallbacks.registerIntruderPayloadProcessor() to
- * register a custom Intruder payload processor.
- */
-public interface IIntruderPayloadProcessor
-{
- /**
- * This method is used by Burp to obtain the name of the payload processor.
- * This will be displayed as an option within the Intruder UI when the user
- * selects to use an extension-provided payload processor.
- *
- * @return The name of the payload processor.
- */
- String getProcessorName();
-
- /**
- * This method is invoked by Burp each time the processor should be applied
- * to an Intruder payload.
- *
- * @param currentPayload The value of the payload to be processed.
- * @param originalPayload The value of the original payload prior to
- * processing by any already-applied processing rules.
- * @param baseValue The base value of the payload position, which will be
- * replaced with the current payload.
- * @return The value of the processed payload. This may be
- * null to indicate that the current payload should be skipped,
- * and the attack will move directly to the next payload.
- */
- byte[] processPayload(
- byte[] currentPayload,
- byte[] originalPayload,
- byte[] baseValue);
-}
diff --git a/src/burp/IMenuItemHandler.java b/src/burp/IMenuItemHandler.java
deleted file mode 100644
index 34313df..0000000
--- a/src/burp/IMenuItemHandler.java
+++ /dev/null
@@ -1,36 +0,0 @@
-package burp;
-
-/*
- * @(#)IMenuItemHandler.java
- *
- * Copyright PortSwigger Ltd. All rights reserved.
- *
- * This code may be used to extend the functionality of Burp Suite Community Edition
- * and Burp Suite Professional, provided that this usage does not violate the
- * license terms for those products.
- */
-/**
- * Extensions can implement this interface and then call
- * IBurpExtenderCallbacks.registerMenuItem() to register a custom
- * context menu item.
- *
- * @deprecated Use
- * IContextMenuFactory instead.
- */
-@Deprecated
-public interface IMenuItemHandler
-{
- /**
- * This method is invoked by Burp Suite when the user clicks on a custom
- * menu item which the extension has registered with Burp.
- *
- * @param menuItemCaption The caption of the menu item which was clicked.
- * This parameter enables extensions to provide a single implementation
- * which handles multiple different menu items.
- * @param messageInfo Details of the HTTP message(s) for which the context
- * menu was displayed.
- */
- void menuItemClicked(
- String menuItemCaption,
- IHttpRequestResponse[] messageInfo);
-}
diff --git a/src/burp/IMessageEditor.java b/src/burp/IMessageEditor.java
deleted file mode 100644
index d841a77..0000000
--- a/src/burp/IMessageEditor.java
+++ /dev/null
@@ -1,78 +0,0 @@
-package burp;
-
-/*
- * @(#)IMessageEditor.java
- *
- * Copyright PortSwigger Ltd. All rights reserved.
- *
- * This code may be used to extend the functionality of Burp Suite Community Edition
- * and Burp Suite Professional, provided that this usage does not violate the
- * license terms for those products.
- */
-
-import java.awt.*;
-
-/**
- * This interface is used to provide extensions with an instance of Burp's HTTP
- * message editor, for the extension to use in its own UI. Extensions should
- * call IBurpExtenderCallbacks.createMessageEditor() to obtain an
- * instance of this interface.
- */
-public interface IMessageEditor
-{
-
- /**
- * This method returns the UI component of the editor, for extensions to add
- * to their own UI.
- *
- * @return The UI component of the editor.
- */
- Component getComponent();
-
- /**
- * This method is used to display an HTTP message in the editor.
- *
- * @param message The HTTP message to be displayed.
- * @param isRequest Flags whether the message is an HTTP request or
- * response.
- */
- void setMessage(byte[] message, boolean isRequest);
-
- /**
- * This method is used to retrieve the currently displayed message, which
- * may have been modified by the user.
- *
- * @return The currently displayed HTTP message.
- */
- byte[] getMessage();
-
- /**
- * This method is used to determine whether the current message has been
- * modified by the user.
- *
- * @return An indication of whether the current message has been modified by
- * the user since it was first displayed.
- */
- boolean isMessageModified();
-
- /**
- * This method returns the data that is currently selected by the user.
- *
- * @return The data that is currently selected by the user, or
- * null if no selection is made.
- */
- byte[] getSelectedData();
-
- /**
- * This method can be used to retrieve the bounds of the user's selection
- * into the displayed message, if applicable.
- *
- * @return An int[2] array containing the start and end offsets of the
- * user's selection within the displayed message. If the user has not made
- * any selection in the current message, both offsets indicate the position
- * of the caret within the editor. For some editor views, the concept of
- * selection within the message does not apply, in which case this method
- * returns null.
- */
- int[] getSelectionBounds();
-}
diff --git a/src/burp/IMessageEditorController.java b/src/burp/IMessageEditorController.java
deleted file mode 100644
index df0eb16..0000000
--- a/src/burp/IMessageEditorController.java
+++ /dev/null
@@ -1,49 +0,0 @@
-package burp;
-
-/*
- * @(#)IMessageEditorController.java
- *
- * Copyright PortSwigger Ltd. All rights reserved.
- *
- * This code may be used to extend the functionality of Burp Suite Community Edition
- * and Burp Suite Professional, provided that this usage does not violate the
- * license terms for those products.
- */
-/**
- * This interface is used by an
- * IMessageEditor to obtain details about the currently displayed
- * message. Extensions that create instances of Burp's HTTP message editor can
- * optionally provide an implementation of
- * IMessageEditorController, which the editor will invoke when it
- * requires further information about the current message (for example, to send
- * it to another Burp tool). Extensions that provide custom editor tabs via an
- * IMessageEditorTabFactory will receive a reference to an
- * IMessageEditorController object for each tab instance they
- * generate, which the tab can invoke if it requires further information about
- * the current message.
- */
-public interface IMessageEditorController
-{
- /**
- * This method is used to retrieve the HTTP service for the current message.
- *
- * @return The HTTP service for the current message.
- */
- IHttpService getHttpService();
-
- /**
- * This method is used to retrieve the HTTP request associated with the
- * current message (which may itself be a response).
- *
- * @return The HTTP request associated with the current message.
- */
- byte[] getRequest();
-
- /**
- * This method is used to retrieve the HTTP response associated with the
- * current message (which may itself be a request).
- *
- * @return The HTTP response associated with the current message.
- */
- byte[] getResponse();
-}
diff --git a/src/burp/IMessageEditorTab.java b/src/burp/IMessageEditorTab.java
deleted file mode 100644
index bb8a312..0000000
--- a/src/burp/IMessageEditorTab.java
+++ /dev/null
@@ -1,104 +0,0 @@ -package burp; - -/* - * @(#)IMessageEditorTab.java - * - * Copyright PortSwigger Ltd. All rights reserved. - * - * This code may be used to extend the functionality of Burp Suite Community Edition - * and Burp Suite Professional, provided that this usage does not violate the - * license terms for those products. - */ - -import java.awt.*; - -/** - * Extensions that register an - * IMessageEditorTabFactory must return instances of this - * interface, which Burp will use to create custom tabs within its HTTP message - * editors. - */ -public interface IMessageEditorTab -{ - /** - * This method returns the caption that should appear on the custom tab when - * it is displayed. Note: Burp invokes this method once when the tab - * is first generated, and the same caption will be used every time the tab - * is displayed. - * - * @return The caption that should appear on the custom tab when it is - * displayed. - */ - String getTabCaption(); - - /** - * This method returns the component that should be used as the contents of - * the custom tab when it is displayed. Note: Burp invokes this - * method once when the tab is first generated, and the same component will - * be used every time the tab is displayed. - * - * @return The component that should be used as the contents of the custom - * tab when it is displayed. - */ - Component getUiComponent(); - - /** - * The hosting editor will invoke this method before it displays a new HTTP - * message, so that the custom tab can indicate whether it should be enabled - * for that message. - * - * @param content The message that is about to be displayed, or a zero-length - * array if the existing message is to be cleared. - * @param isRequest Indicates whether the message is a request or a - * response. - * @return The method should return - * true if the custom tab is able to handle the specified - * message, and so will be displayed within the editor. 
Otherwise, the tab - * will be hidden while this message is displayed. - */ - boolean isEnabled(byte[] content, boolean isRequest); - - /** - * The hosting editor will invoke this method to display a new message or to - * clear the existing message. This method will only be called with a new - * message if the tab has already returned - * true to a call to - * isEnabled() with the same message details. - * - * @param content The message that is to be displayed, or - * null if the tab should clear its contents and disable any - * editable controls. - * @param isRequest Indicates whether the message is a request or a - * response. - */ - void setMessage(byte[] content, boolean isRequest); - - /** - * This method returns the currently displayed message. - * - * @return The currently displayed message. - */ - byte[] getMessage(); - - /** - * This method is used to determine whether the currently displayed message - * has been modified by the user. The hosting editor will always call - * getMessage() before calling this method, so any pending - * edits should be completed within - * getMessage(). - * - * @return The method should return - * true if the user has modified the current message since it - * was first displayed. - */ - boolean isModified(); - - /** - * This method is used to retrieve the data that is currently selected by - * the user. - * - * @return The data that is currently selected by the user. This may be - * null if no selection is currently made. - */ - byte[] getSelectedData(); -} diff --git a/src/burp/IMessageEditorTabFactory.java b/src/burp/IMessageEditorTabFactory.java deleted file mode 100644 index 6aae96e..0000000 --- a/src/burp/IMessageEditorTabFactory.java +++ /dev/null 
@@ -1,38 +0,0 @@
-package burp;
-
-/*
- * @(#)IMessageEditorTabFactory.java
- *
- * Copyright PortSwigger Ltd. All rights reserved.
- *
- * This code may be used to extend the functionality of Burp Suite Community Edition
- * and Burp Suite Professional, provided that this usage does not violate the
- * license terms for those products.
- */
-/**
- * Extensions can implement this interface and then call
- * IBurpExtenderCallbacks.registerMessageEditorTabFactory() to
- * register a factory for custom message editor tabs. This allows extensions to
- * provide custom rendering or editing of HTTP messages, within Burp's own HTTP
- * editor.
- */
-public interface IMessageEditorTabFactory
-{
- /**
- * Burp will call this method once for each HTTP message editor, and the
- * factory should provide a new instance of an
- * IMessageEditorTab object.
- *
- * @param controller An
- * IMessageEditorController object, which the new tab can query
- * to retrieve details about the currently displayed message. This may be
- * null for extension-invoked message editors where the
- * extension has not provided an editor controller.
- * @param editable Indicates whether the hosting editor is editable or
- * read-only.
- * @return A new
- * IMessageEditorTab object for use within the message editor.
- */
- IMessageEditorTab createNewInstance(IMessageEditorController controller,
- boolean editable);
-}
diff --git a/src/burp/IParameter.java b/src/burp/IParameter.java
deleted file mode 100644
index 1beb804..0000000
--- a/src/burp/IParameter.java
+++ /dev/null
@@ -1,104 +0,0 @@
-package burp;
-
-/*
- * @(#)IParameter.java
- *
- * Copyright PortSwigger Ltd. All rights reserved.
- *
- * This code may be used to extend the functionality of Burp Suite Community Edition
- * and Burp Suite Professional, provided that this usage does not violate the
- * license terms for those products.
- */
-/**
- * This interface is used to hold details about an HTTP request parameter.
- */
-public interface IParameter
-{
- /**
- * Used to indicate a parameter within the URL query string.
- */
- byte PARAM_URL = 0;
- /**
- * Used to indicate a parameter within the message body.
- */
- byte PARAM_BODY = 1;
- /**
- * Used to indicate an HTTP cookie.
- */
- byte PARAM_COOKIE = 2;
- /**
- * Used to indicate an item of data within an XML structure.
- */
- byte PARAM_XML = 3;
- /**
- * Used to indicate the value of a tag attribute within an XML structure.
- */
- byte PARAM_XML_ATTR = 4;
- /**
- * Used to indicate the value of a parameter attribute within a multi-part
- * message body (such as the name of an uploaded file).
- */
- byte PARAM_MULTIPART_ATTR = 5;
- /**
- * Used to indicate an item of data within a JSON structure.
- */
- byte PARAM_JSON = 6;
-
- /**
- * This method is used to retrieve the parameter type.
- *
- * @return The parameter type. The available types are defined within this
- * interface.
- */
- byte getType();
-
- /**
- * This method is used to retrieve the parameter name.
- *
- * @return The parameter name.
- */
- String getName();
-
- /**
- * This method is used to retrieve the parameter value.
- *
- * @return The parameter value.
- */
- String getValue();
-
- /**
- * This method is used to retrieve the start offset of the parameter name
- * within the HTTP request.
- *
- * @return The start offset of the parameter name within the HTTP request,
- * or -1 if the parameter is not associated with a specific request.
- */
- int getNameStart();
-
- /**
- * This method is used to retrieve the end offset of the parameter name
- * within the HTTP request.
- *
- * @return The end offset of the parameter name within the HTTP request, or
- * -1 if the parameter is not associated with a specific request.
- */
- int getNameEnd();
-
- /**
- * This method is used to retrieve the start offset of the parameter value
- * within the HTTP request.
- *
- * @return The start offset of the parameter value within the HTTP request,
- * or -1 if the parameter is not associated with a specific request.
- */
- int getValueStart();
-
- /**
- * This method is used to retrieve the end offset of the parameter value
- * within the HTTP request.
- *
- * @return The end offset of the parameter value within the HTTP request, or
- * -1 if the parameter is not associated with a specific request.
- */
- int getValueEnd();
-}
diff --git a/src/burp/IProxyListener.java b/src/burp/IProxyListener.java
deleted file mode 100644
index e8fb903..0000000
--- a/src/burp/IProxyListener.java
+++ /dev/null
@@ -1,37 +0,0 @@
-package burp;
-
-/*
- * @(#)IProxyListener.java
- *
- * Copyright PortSwigger Ltd. All rights reserved.
- *
- * This code may be used to extend the functionality of Burp Suite Community Edition
- * and Burp Suite Professional, provided that this usage does not violate the
- * license terms for those products.
- */
-/**
- * Extensions can implement this interface and then call
- * IBurpExtenderCallbacks.registerProxyListener() to register a
- * Proxy listener. The listener will be notified of requests and responses being
- * processed by the Proxy tool. Extensions can perform custom analysis or
- * modification of these messages, and control in-UI message interception, by
- * registering a proxy listener.
- */
-public interface IProxyListener
-{
- /**
- * This method is invoked when an HTTP message is being processed by the
- * Proxy.
- *
- * @param messageIsRequest Indicates whether the HTTP message is a request
- * or a response.
- * @param message An
- * IInterceptedProxyMessage object that extensions can use to
- * query and update details of the message, and control whether the message
- * should be intercepted and displayed to the user for manual review or
- * modification.
- */
- void processProxyMessage(
- boolean messageIsRequest,
- IInterceptedProxyMessage message);
-}
diff --git a/src/burp/IRequestInfo.java b/src/burp/IRequestInfo.java
deleted file mode 100644
index 013a650..0000000
--- a/src/burp/IRequestInfo.java
+++ /dev/null
@@ -1,95 +0,0 @@
-package burp;
-
-/*
- * @(#)IRequestInfo.java
- *
- * Copyright PortSwigger Ltd. All rights reserved.
- *
- * This code may be used to extend the functionality of Burp Suite Community Edition
- * and Burp Suite Professional, provided that this usage does not violate the
- * license terms for those products.
- */
-import java.net.URL;
-import java.util.List;
-
-/**
- * This interface is used to retrieve key details about an HTTP request.
- * Extensions can obtain an
- * IRequestInfo object for a given request by calling
- * IExtensionHelpers.analyzeRequest().
- */
-public interface IRequestInfo
-{
- /**
- * Used to indicate that there is no content.
- */
- byte CONTENT_TYPE_NONE = 0;
- /**
- * Used to indicate URL-encoded content.
- */
- byte CONTENT_TYPE_URL_ENCODED = 1;
- /**
- * Used to indicate multi-part content.
- */
- byte CONTENT_TYPE_MULTIPART = 2;
- /**
- * Used to indicate XML content.
- */
- byte CONTENT_TYPE_XML = 3;
- /**
- * Used to indicate JSON content.
- */
- byte CONTENT_TYPE_JSON = 4;
- /**
- * Used to indicate AMF content.
- */
- byte CONTENT_TYPE_AMF = 5;
- /**
- * Used to indicate unknown content.
- */
- byte CONTENT_TYPE_UNKNOWN = -1;
-
- /**
- * This method is used to obtain the HTTP method used in the request.
- *
- * @return The HTTP method used in the request.
- */
- String getMethod();
-
- /**
- * This method is used to obtain the URL in the request.
- *
- * @return The URL in the request.
- */
- URL getUrl();
-
- /**
- * This method is used to obtain the HTTP headers contained in the request.
- *
- * @return The HTTP headers contained in the request.
- */
- List getHeaders();
-
- /**
- * This method is used to obtain the parameters contained in the request.
- *
- * @return The parameters contained in the request.
- */
- List getParameters();
-
- /**
- * This method is used to obtain the offset within the request where the
- * message body begins.
- *
- * @return The offset within the request where the message body begins.
- */
- int getBodyOffset();
-
- /**
- * This method is used to obtain the content type of the message body.
- *
- * @return An indication of the content type of the message body. Available
- * types are defined within this interface.
- */
- byte getContentType();
-}
diff --git a/src/burp/IResponseInfo.java b/src/burp/IResponseInfo.java
deleted file mode 100644
index a887d2f..0000000
--- a/src/burp/IResponseInfo.java
+++ /dev/null
@@ -1,73 +0,0 @@
-package burp;
-
-/*
- * @(#)IResponseInfo.java
- *
- * Copyright PortSwigger Ltd. All rights reserved.
- *
- * This code may be used to extend the functionality of Burp Suite Community Edition
- * and Burp Suite Professional, provided that this usage does not violate the
- * license terms for those products.
- */
-import java.util.List;
-
-/**
- * This interface is used to retrieve key details about an HTTP response.
- * Extensions can obtain an
- * IResponseInfo object for a given response by calling
- * IExtensionHelpers.analyzeResponse().
- */
-public interface IResponseInfo
-{
- /**
- * This method is used to obtain the HTTP headers contained in the response.
- *
- * @return The HTTP headers contained in the response.
- */
- List getHeaders();
-
- /**
- * This method is used to obtain the offset within the response where the
- * message body begins.
- *
- * @return The offset within the response where the message body begins.
- */
- int getBodyOffset();
-
- /**
- * This method is used to obtain the HTTP status code contained in the
- * response.
- *
- * @return The HTTP status code contained in the response.
- */
- short getStatusCode();
-
- /**
- * This method is used to obtain details of the HTTP cookies set in the
- * response.
- *
- * @return A list of ICookie objects representing the cookies
- * set in the response, if any.
- */
- List getCookies();
-
- /**
- * This method is used to obtain the MIME type of the response, as stated in
- * the HTTP headers.
- *
- * @return A textual label for the stated MIME type, or an empty String if
- * this is not known or recognized. The possible labels are the same as
- * those used in the main Burp UI.
- */
- String getStatedMimeType();
-
- /**
- * This method is used to obtain the MIME type of the response, as inferred
- * from the contents of the HTTP message body.
- *
- * @return A textual label for the inferred MIME type, or an empty String if
- * this is not known or recognized.
The possible labels are the same as
- * those used in the main Burp UI.
- */
- String getInferredMimeType();
-}
diff --git a/src/burp/IResponseKeywords.java b/src/burp/IResponseKeywords.java
deleted file mode 100644
index 924e9dc..0000000
--- a/src/burp/IResponseKeywords.java
+++ /dev/null
@@ -1,58 +0,0 @@
-package burp;
-
-/*
- * @(#)IResponseKeywords.java
- *
- * Copyright PortSwigger Ltd. All rights reserved.
- *
- * This code may be used to extend the functionality of Burp Suite Community Edition
- * and Burp Suite Professional, provided that this usage does not violate the
- * license terms for those products.
- */
-import java.util.List;
-
-/**
- * This interface is used to represent the counts of keywords appearing in a
- * number of HTTP responses.
- */
-public interface IResponseKeywords
-{
-
- /**
- * This method is used to obtain the list of keywords whose counts vary
- * between the analyzed responses.
- *
- * @return The keywords whose counts vary between the analyzed responses.
- */
- List getVariantKeywords();
-
- /**
- * This method is used to obtain the list of keywords whose counts do not
- * vary between the analyzed responses.
- *
- * @return The keywords whose counts do not vary between the analyzed
- * responses.
- */
- List getInvariantKeywords();
-
- /**
- * This method is used to obtain the number of occurrences of an individual
- * keyword in a response.
- *
- * @param keyword The keyword whose count will be retrieved.
- * @param responseIndex The index of the response. Note responses are
- * indexed from zero in the order they were originally supplied to the
- * IExtensionHelpers.analyzeResponseKeywords() and
- * IResponseKeywords.updateWith() methods.
- * @return The number of occurrences of the specified keyword for the
- * specified response.
- */
- int getKeywordCount(String keyword, int responseIndex);
-
- /**
- * This method is used to update the analysis based on additional responses.
- *
- * @param responses The new responses to include in the analysis.
- */
- void updateWith(byte[]... responses);
-}
diff --git a/src/burp/IResponseVariations.java b/src/burp/IResponseVariations.java
deleted file mode 100644
index 39cee40..0000000
--- a/src/burp/IResponseVariations.java
+++ /dev/null
@@ -1,62 +0,0 @@
-package burp;
-
-/*
- * @(#)IResponseVariations.java
- *
- * Copyright PortSwigger Ltd. All rights reserved.
- *
- * This code may be used to extend the functionality of Burp Suite Community Edition
- * and Burp Suite Professional, provided that this usage does not violate the
- * license terms for those products.
- */
-import java.util.List;
-
-/**
- * This interface is used to represent variations between a number HTTP
- * responses, according to various attributes.
- */
-public interface IResponseVariations
-{
-
- /**
- * This method is used to obtain the list of attributes that vary between
- * the analyzed responses.
- *
- * @return The attributes that vary between the analyzed responses.
- */
- List getVariantAttributes();
-
- /**
- * This method is used to obtain the list of attributes that do not vary
- * between the analyzed responses.
- *
- * @return The attributes that do not vary between the analyzed responses.
- */
- List getInvariantAttributes();
-
- /**
- * This method is used to obtain the value of an individual attribute in a
- * response. Note that the values of some attributes are intrinsically
- * meaningful (e.g. a word count) while the values of others are less so
- * (e.g. a checksum of the HTML tag names).
- *
- * @param attributeName The name of the attribute whose value will be
- * retrieved. Extension authors can obtain the list of supported attributes
- * by generating an IResponseVariations object for a single
- * response and calling
- * IResponseVariations.getInvariantAttributes().
- * @param responseIndex The index of the response. Note that responses are
- * indexed from zero in the order they were originally supplied to the
- * IExtensionHelpers.analyzeResponseVariations() and
- * IResponseVariations.updateWith() methods.
- * @return The value of the specified attribute for the specified response.
- */
- int getAttributeValue(String attributeName, int responseIndex);
-
- /**
- * This method is used to update the analysis based on additional responses.
- *
- * @param responses The new responses to include in the analysis.
- */
- void updateWith(byte[]... responses);
-}
diff --git a/src/burp/IScanIssue.java b/src/burp/IScanIssue.java
deleted file mode 100644
index 9529cbb..0000000
--- a/src/burp/IScanIssue.java
+++ /dev/null
@@ -1,123 +0,0 @@
-package burp;
-
-/*
- * @(#)IScanIssue.java
- *
- * Copyright PortSwigger Ltd. All rights reserved.
- *
- * This code may be used to extend the functionality of Burp Suite Community Edition
- * and Burp Suite Professional, provided that this usage does not violate the
- * license terms for those products.
- */
-/**
- * This interface is used to retrieve details of Scanner issues. Extensions can
- * obtain details of issues by registering an IScannerListener or
- * by calling IBurpExtenderCallbacks.getScanIssues(). Extensions
- * can also add custom Scanner issues by registering an
- * IScannerCheck or calling
- * IBurpExtenderCallbacks.addScanIssue(), and providing their own
- * implementations of this interface. Note that issue descriptions and other
- * text generated by extensions are subject to an HTML whitelist that allows
- * only formatting tags and simple hyperlinks.
- */
-public interface IScanIssue
-{
-
- /**
- * This method returns the URL for which the issue was generated.
- *
- * @return The URL for which the issue was generated.
- */
- java.net.URL getUrl();
-
- /**
- * This method returns the name of the issue type.
- *
- * @return The name of the issue type (e.g. "SQL injection").
- */
- String getIssueName();
-
- /**
- * This method returns a numeric identifier of the issue type. See the Burp
- * Scanner help documentation for a listing of all the issue types.
- *
- * @return A numeric identifier of the issue type.
- */
- int getIssueType();
-
- /**
- * This method returns the issue severity level.
- *
- * @return The issue severity level. Expected values are "High", "Medium",
- * "Low", "Information" or "False positive".
- *
- */
- String getSeverity();
-
- /**
- * This method returns the issue confidence level.
- *
- * @return The issue confidence level. Expected values are "Certain", "Firm"
- * or "Tentative".
- */
- String getConfidence();
-
- /**
- * This method returns a background description for this type of issue.
- *
- * @return A background description for this type of issue, or
- * null if none applies. A limited set of HTML tags may be
- * used.
- */
- String getIssueBackground();
-
- /**
- * This method returns a background description of the remediation for this
- * type of issue.
- *
- * @return A background description of the remediation for this type of
- * issue, or null if none applies. A limited set of HTML tags
- * may be used.
- */
- String getRemediationBackground();
-
- /**
- * This method returns detailed information about this specific instance of
- * the issue.
- *
- * @return Detailed information about this specific instance of the issue,
- * or null if none applies. A limited set of HTML tags may be
- * used.
- */
- String getIssueDetail();
-
- /**
- * This method returns detailed information about the remediation for this
- * specific instance of the issue.
- *
- * @return Detailed information about the remediation for this specific
- * instance of the issue, or null if none applies. A limited
- * set of HTML tags may be used.
- */
- String getRemediationDetail();
-
- /**
- * This method returns the HTTP messages on the basis of which the issue was
- * generated.
- *
- * @return The HTTP messages on the basis of which the issue was generated.
- * Note: The items in this array should be instances of
- * IHttpRequestResponseWithMarkers if applicable, so that
- * details of the relevant portions of the request and response messages are
- * available.
- */
- IHttpRequestResponse[] getHttpMessages();
-
- /**
- * This method returns the HTTP service for which the issue was generated.
- *
- * @return The HTTP service for which the issue was generated.
- */
- IHttpService getHttpService();
-
-}
diff --git a/src/burp/IScanQueueItem.java b/src/burp/IScanQueueItem.java
deleted file mode 100644
index 47d9f34..0000000
--- a/src/burp/IScanQueueItem.java
+++ /dev/null
@@ -1,80 +0,0 @@
-package burp;
-
-/*
- * @(#)IScanQueueItem.java
- *
- * Copyright PortSwigger Ltd. All rights reserved.
- *
- * This code may be used to extend the functionality of Burp Suite Community Edition
- * and Burp Suite Professional, provided that this usage does not violate the
- * license terms for those products.
- */
-/**
- * This interface is used to retrieve details of items in the Burp Scanner
- * active scan queue. Extensions can obtain references to scan queue items by
- * calling
- * IBurpExtenderCallbacks.doActiveScan().
- */
-public interface IScanQueueItem
-{
- /**
- * This method returns a description of the status of the scan queue item.
- *
- * @return A description of the status of the scan queue item.
- */
- String getStatus();
-
- /**
- * This method returns an indication of the percentage completed for the
- * scan queue item.
- *
- * @return An indication of the percentage completed for the scan queue
- * item.
- */
- byte getPercentageComplete();
-
- /**
- * This method returns the number of requests that have been made for the
- * scan queue item.
- *
- * @return The number of requests that have been made for the scan queue
- * item.
- */
- int getNumRequests();
-
- /**
- * This method returns the number of network errors that have occurred for
- * the scan queue item.
- *
- * @return The number of network errors that have occurred for the scan
- * queue item.
- */
- int getNumErrors();
-
- /**
- * This method returns the number of attack insertion points being used for
- * the scan queue item.
- *
- * @return The number of attack insertion points being used for the scan
- * queue item.
- */
- int getNumInsertionPoints();
-
- /**
- * This method allows the scan queue item to be canceled.
- */
- void cancel();
-
- /**
- * This method returns details of the issues generated for the scan queue
- * item.
Note: different items within the scan queue may contain
- * duplicated versions of the same issues - for example, if the same request
- * has been scanned multiple times. Duplicated issues are consolidated in
- * the main view of scan results. Extensions can register an
- * IScannerListener to get details only of unique, newly
- * discovered Scanner issues post-consolidation.
- *
- * @return Details of the issues generated for the scan queue item.
- */
- IScanIssue[] getIssues();
-}
diff --git a/src/burp/IScannerCheck.java b/src/burp/IScannerCheck.java
deleted file mode 100644
index 976f3d7..0000000
--- a/src/burp/IScannerCheck.java
+++ /dev/null
@@ -1,83 +0,0 @@
-package burp;
-
-/*
- * @(#)IScannerCheck.java
- *
- * Copyright PortSwigger Ltd. All rights reserved.
- *
- * This code may be used to extend the functionality of Burp Suite Community Edition
- * and Burp Suite Professional, provided that this usage does not violate the
- * license terms for those products.
- */
-import java.util.List;
-
-/**
- * Extensions can implement this interface and then call
- * IBurpExtenderCallbacks.registerScannerCheck() to register a
- * custom Scanner check. When performing scanning, Burp will ask the check to
- * perform active or passive scanning on the base request, and report any
- * Scanner issues that are identified.
- */
-public interface IScannerCheck
-{
-
- /**
- * The Scanner invokes this method for each base request / response that is
- * passively scanned. Note: Extensions should only analyze the
- * HTTP messages provided during passive scanning, and should not make any
- * new HTTP requests of their own.
- *
- * @param baseRequestResponse The base HTTP request / response that should
- * be passively scanned.
- * @return A list of IScanIssue objects, or null
- * if no issues are identified.
- */
- List doPassiveScan(IHttpRequestResponse baseRequestResponse);
-
- /**
- * The Scanner invokes this method for each insertion point that is actively
- * scanned. Extensions may issue HTTP requests as required to carry out
- * active scanning, and should use the
- * IScannerInsertionPoint object provided to build scan
- * requests for particular payloads.
- * Note:
- * Scan checks should submit raw non-encoded payloads to insertion points,
- * and the insertion point has responsibility for performing any data
- * encoding that is necessary given the nature and location of the insertion
- * point.
- *
- * @param baseRequestResponse The base HTTP request / response that should
- * be actively scanned.
- * @param insertionPoint An IScannerInsertionPoint object that
- * can be queried to obtain details of the insertion point being tested, and
- * can be used to build scan requests for particular payloads.
- * @return A list of IScanIssue objects, or null
- * if no issues are identified.
- */
- List doActiveScan(
- IHttpRequestResponse baseRequestResponse,
- IScannerInsertionPoint insertionPoint);
-
- /**
- * The Scanner invokes this method when the custom Scanner check has
- * reported multiple issues for the same URL path. This can arise either
- * because there are multiple distinct vulnerabilities, or because the same
- * (or a similar) request has been scanned more than once. The custom check
- * should determine whether the issues are duplicates. In most cases, where
- * a check uses distinct issue names or descriptions for distinct issues,
- * the consolidation process will simply be a matter of comparing these
- * features for the two issues.
- *
- * @param existingIssue An issue that was previously reported by this
- * Scanner check.
- * @param newIssue An issue at the same URL path that has been newly
- * reported by this Scanner check.
- * @return An indication of which issue(s) should be reported in the main
- * Scanner results. The method should return -1 to report the
- * existing issue only, 0 to report both issues, and
- * 1 to report the new issue only.
- */
- int consolidateDuplicateIssues(
- IScanIssue existingIssue,
- IScanIssue newIssue);
-}
diff --git a/src/burp/IScannerInsertionPoint.java b/src/burp/IScannerInsertionPoint.java
deleted file mode 100644
index f38d8ac..0000000
--- a/src/burp/IScannerInsertionPoint.java
+++ /dev/null
@@ -1,174 +0,0 @@
-package burp;
-
-/*
- * @(#)IScannerInsertionPoint.java
- *
- * Copyright PortSwigger Ltd. All rights reserved.
- *
- * This code may be used to extend the functionality of Burp Suite Community Edition
- * and Burp Suite Professional, provided that this usage does not violate the
- * license terms for those products.
- */
-/**
- * This interface is used to define an insertion point for use by active Scanner
- * checks. Extensions can obtain instances of this interface by registering an
- * IScannerCheck, or can create instances for use by Burp's own
- * scan checks by registering an
- * IScannerInsertionPointProvider.
- */
-public interface IScannerInsertionPoint
-{
-
- /**
- * Used to indicate where the payload is inserted into the value of a URL
- * parameter.
- */
- byte INS_PARAM_URL = 0x00;
- /**
- * Used to indicate where the payload is inserted into the value of a body
- * parameter.
- */
- byte INS_PARAM_BODY = 0x01;
- /**
- * Used to indicate where the payload is inserted into the value of an HTTP
- * cookie.
- */
- byte INS_PARAM_COOKIE = 0x02;
- /**
- * Used to indicate where the payload is inserted into the value of an item
- * of data within an XML data structure.
- */
- byte INS_PARAM_XML = 0x03;
- /**
- * Used to indicate where the payload is inserted into the value of a tag
- * attribute within an XML structure.
- */
- byte INS_PARAM_XML_ATTR = 0x04;
- /**
- * Used to indicate where the payload is inserted into the value of a
- * parameter attribute within a multi-part message body (such as the name of
- * an uploaded file).
- */
- byte INS_PARAM_MULTIPART_ATTR = 0x05;
- /**
- * Used to indicate where the payload is inserted into the value of an item
- * of data within a JSON structure.
- */
- byte INS_PARAM_JSON = 0x06;
- /**
- * Used to indicate where the payload is inserted into the value of an AMF
- * parameter.
- */
- byte INS_PARAM_AMF = 0x07;
- /**
- * Used to indicate where the payload is inserted into the value of an HTTP
- * request header.
- */
- byte INS_HEADER = 0x20;
- /**
- * Used to indicate where the payload is inserted into a URL path folder.
- */
- byte INS_URL_PATH_FOLDER = 0x21;
- /**
- * Used to indicate where the payload is inserted into a URL path folder.
- * This is now deprecated; use INS_URL_PATH_FOLDER instead.
- */
- @Deprecated
- byte INS_URL_PATH_REST = INS_URL_PATH_FOLDER;
- /**
- * Used to indicate where the payload is inserted into the name of an added
- * URL parameter.
- */
- byte INS_PARAM_NAME_URL = 0x22;
- /**
- * Used to indicate where the payload is inserted into the name of an added
- * body parameter.
- */
- byte INS_PARAM_NAME_BODY = 0x23;
- /**
- * Used to indicate where the payload is inserted into the body of the HTTP
- * request.
- */
- byte INS_ENTIRE_BODY = 0x24;
- /**
- * Used to indicate where the payload is inserted into the URL path
- * filename.
- */
- byte INS_URL_PATH_FILENAME = 0x25;
- /**
- * Used to indicate where the payload is inserted at a location manually
- * configured by the user.
- */
- byte INS_USER_PROVIDED = 0x40;
- /**
- * Used to indicate where the insertion point is provided by an
- * extension-registered
- * IScannerInsertionPointProvider.
- */
- byte INS_EXTENSION_PROVIDED = 0x41;
- /**
- * Used to indicate where the payload is inserted at an unknown location
- * within the request.
- */
- byte INS_UNKNOWN = 0x7f;
-
- /**
- * This method returns the name of the insertion point.
- *
- * @return The name of the insertion point (for example, a description of a
- * particular request parameter).
- */
- String getInsertionPointName();
-
- /**
- * This method returns the base value for this insertion point.
- *
- * @return the base value that appears in this insertion point in the base
- * request being scanned, or null if there is no value in the
- * base request that corresponds to this insertion point.
- */
- String getBaseValue();
-
- /**
- * This method is used to build a request with the specified payload placed
- * into the insertion point. There is no requirement for extension-provided
- * insertion points to adjust the Content-Length header in requests if the
- * body length has changed, although Burp-provided insertion points will
- * always do this and will return a request with a valid Content-Length
- * header.
- * Note:
- * Scan checks should submit raw non-encoded payloads to insertion points,
- * and the insertion point has responsibility for performing any data
- * encoding that is necessary given the nature and location of the insertion
- * point.
- *
- * @param payload The payload that should be placed into the insertion
- * point.
- * @return The resulting request.
- */
- byte[] buildRequest(byte[] payload);
-
- /**
- * This method is used to determine the offsets of the payload value within
- * the request, when it is placed into the insertion point. Scan checks may
- * invoke this method when reporting issues, so as to highlight the relevant
- * part of the request within the UI.
- *
- * @param payload The payload that should be placed into the insertion
- * point.
- * @return An int[2] array containing the start and end offsets of the
- * payload within the request, or null if this is not applicable (for
- * example, where the insertion point places a payload into a serialized
- * data structure, the raw payload may not literally appear anywhere within
- * the resulting request).
- */
- int[] getPayloadOffsets(byte[] payload);
-
- /**
- * This method returns the type of the insertion point.
- *
- * @return The type of the insertion point. Available types are defined in
- * this interface.
- */
- byte getInsertionPointType();
-}
diff --git a/src/burp/IScannerInsertionPointProvider.java b/src/burp/IScannerInsertionPointProvider.java
deleted file mode 100644
index 41472a1..0000000
--- a/src/burp/IScannerInsertionPointProvider.java
+++ /dev/null
@@ -1,38 +0,0 @@
-package burp;
-
-/*
- * @(#)IScannerInsertionPointProvider.java
- *
- * Copyright PortSwigger Ltd. All rights reserved.
- *
- * This code may be used to extend the functionality of Burp Suite Community Edition
- * and Burp Suite Professional, provided that this usage does not violate the
- * license terms for those products.
- */
-import java.util.List;
-
-/**
- * Extensions can implement this interface and then call
- * IBurpExtenderCallbacks.registerScannerInsertionPointProvider()
- * to register a factory for custom Scanner insertion points.
- */
-public interface IScannerInsertionPointProvider
-{
- /**
- * When a request is actively scanned, the Scanner will invoke this method,
- * and the provider should provide a list of custom insertion points that
- * will be used in the scan. Note: these insertion points are used in
- * addition to those that are derived from Burp Scanner's configuration, and
- * those provided by any other Burp extensions.
- *
- * @param baseRequestResponse The base request that will be actively
- * scanned.
- * @return A list of
- * IScannerInsertionPoint objects that should be used in the
- * scanning, or
- * null if no custom insertion points are applicable for this
- * request.
- */
- List getInsertionPoints(
- IHttpRequestResponse baseRequestResponse);
-}
diff --git a/src/burp/IScannerListener.java b/src/burp/IScannerListener.java
deleted file mode 100644
index 0bd51d9..0000000
--- a/src/burp/IScannerListener.java
+++ /dev/null
@@ -1,30 +0,0 @@
-package burp;
-
-/*
- * @(#)IScannerListener.java
- *
- * Copyright PortSwigger Ltd. All rights reserved.
- *
- * This code may be used to extend the functionality of Burp Suite Community Edition
- * and Burp Suite Professional, provided that this usage does not violate the
- * license terms for those products.
- */
-/**
- * Extensions can implement this interface and then call
- * IBurpExtenderCallbacks.registerScannerListener() to register a
- * Scanner listener. The listener will be notified of new issues that are
- * reported by the Scanner tool. Extensions can perform custom analysis or
- * logging of Scanner issues by registering a Scanner listener.
- */
-public interface IScannerListener
-{
- /**
- * This method is invoked when a new issue is added to Burp Scanner's
- * results.
- *
- * @param issue An
- * IScanIssue object that the extension can query to obtain
- * details about the new issue.
- */
- void newScanIssue(IScanIssue issue);
-}
diff --git a/src/burp/IScopeChangeListener.java b/src/burp/IScopeChangeListener.java
deleted file mode 100644
index a289388..0000000
--- a/src/burp/IScopeChangeListener.java
+++ /dev/null
@@ -1,25 +0,0 @@
-package burp;
-
-/*
- * @(#)IScopeChangeListener.java
- *
- * Copyright PortSwigger Ltd. All rights reserved.
- *
- * This code may be used to extend the functionality of Burp Suite Community Edition
- * and Burp Suite Professional, provided that this usage does not violate the
- * license terms for those products.
- */
-/**
- * Extensions can implement this interface and then call
- * IBurpExtenderCallbacks.registerScopeChangeListener() to register
- * a scope change listener. The listener will be notified whenever a change
- * occurs to Burp's suite-wide target scope.
- */
-public interface IScopeChangeListener
-{
- /**
- * This method is invoked whenever a change occurs to Burp's suite-wide
- * target scope.
- */
- void scopeChanged();
-}
diff --git a/src/burp/ISessionHandlingAction.java b/src/burp/ISessionHandlingAction.java
deleted file mode 100644
index c953e22..0000000
--- a/src/burp/ISessionHandlingAction.java
+++ /dev/null
@@ -1,51 +0,0 @@
-package burp;
-
-/*
- * @(#)ISessionHandlingAction.java
- *
- * Copyright PortSwigger Ltd. All rights reserved.
- *
- * This code may be used to extend the functionality of Burp Suite Community Edition
- * and Burp Suite Professional, provided that this usage does not violate the
- * license terms for those products.
- */
-/**
- * Extensions can implement this interface and then call
- * IBurpExtenderCallbacks.registerSessionHandlingAction() to
- * register a custom session handling action. Each registered action will be
- * available within the session handling rule UI for the user to select as a
- * rule action. Users can choose to invoke an action directly in its own right,
- * or following execution of a macro.
- */
-public interface ISessionHandlingAction
-{
- /**
- * This method is used by Burp to obtain the name of the session handling
- * action. This will be displayed as an option within the session handling
- * rule editor when the user selects to execute an extension-provided
- * action.
- *
- * @return The name of the action.
- */
- String getActionName();
-
- /**
- * This method is invoked when the session handling action should be
- * executed. This may happen as an action in its own right, or as a
- * sub-action following execution of a macro.
- *
- * @param currentRequest The base request that is currently being processed.
- * The action can query this object to obtain details about the base
- * request. It can issue additional requests of its own if necessary, and
- * can use the setter methods on this object to update the base request.
- * @param macroItems If the action is invoked following execution of a
- * macro, this parameter contains the result of executing the macro.
- * Otherwise, it is
- * null. Actions can use the details of the macro items to
- * perform custom analysis of the macro to derive values of non-standard
- * session handling tokens, etc.
- */
- void performAction(
- IHttpRequestResponse currentRequest,
- IHttpRequestResponse[] macroItems);
-}
diff --git a/src/burp/ITab.java b/src/burp/ITab.java
deleted file mode 100644
index c114593..0000000
--- a/src/burp/ITab.java
+++ /dev/null
@@ -1,39 +0,0 @@
-package burp;
-
-/*
- * @(#)ITab.java
- *
- * Copyright PortSwigger Ltd. All rights reserved.
- *
- * This code may be used to extend the functionality of Burp Suite Community Edition
- * and Burp Suite Professional, provided that this usage does not violate the
- * license terms for those products.
- */
-
-import java.awt.*;
-
-/**
- * This interface is used to provide Burp with details of a custom tab that will
- * be added to Burp's UI, using a method such as
- * IBurpExtenderCallbacks.addSuiteTab().
- */
-public interface ITab
-{
- /**
- * Burp uses this method to obtain the caption that should appear on the
- * custom tab when it is displayed.
- *
- * @return The caption that should appear on the custom tab when it is
- * displayed.
- */
- String getTabCaption();
-
- /**
- * Burp uses this method to obtain the component that should be used as the
- * contents of the custom tab when it is displayed.
- *
- * @return The component that should be used as the contents of the custom
- * tab when it is displayed.
- */
- Component getUiComponent();
-}
diff --git a/src/burp/ITempFile.java b/src/burp/ITempFile.java
deleted file mode 100644
index d20785c..0000000
--- a/src/burp/ITempFile.java
+++ /dev/null
@@ -1,33 +0,0 @@
-package burp;
-
-/*
- * @(#)ITempFile.java
- *
- * Copyright PortSwigger Ltd. All rights reserved.
- *
- * This code may be used to extend the functionality of Burp Suite Community Edition
- * and Burp Suite Professional, provided that this usage does not violate the
- * license terms for those products.
- */
-/**
- * This interface is used to hold details of a temporary file that has been
- * created via a call to
- * IBurpExtenderCallbacks.saveToTempFile().
- *
- */
-public interface ITempFile
-{
- /**
- * This method is used to retrieve the contents of the buffer that was saved
- * in the temporary file.
- *
- * @return The contents of the buffer that was saved in the temporary file.
- */
- byte[] getBuffer();
-
- /**
- * This method is deprecated and no longer performs any action.
- */
- @Deprecated
- void delete();
-}
diff --git a/src/burp/ITextEditor.java b/src/burp/ITextEditor.java
deleted file mode 100644
index f1f2720..0000000
--- a/src/burp/ITextEditor.java
+++ /dev/null
@@ -1,91 +0,0 @@
-package burp;
-
-/*
- * @(#)ITextEditor.java
- *
- * Copyright PortSwigger Ltd. All rights reserved.
- *
- * This code may be used to extend the functionality of Burp Suite Community Edition
- * and Burp Suite Professional, provided that this usage does not violate the
- * license terms for those products.
- */
-
-import java.awt.*;
-
-/**
- * This interface is used to provide extensions with an instance of Burp's raw
- * text editor, for the extension to use in its own UI. Extensions should call
- * IBurpExtenderCallbacks.createTextEditor() to obtain an instance
- * of this interface.
- */
-public interface ITextEditor
-{
- /**
- * This method returns the UI component of the editor, for extensions to add
- * to their own UI.
- *
- * @return The UI component of the editor.
- */
- Component getComponent();
-
- /**
- * This method is used to control whether the editor is currently editable.
- * This status can be toggled on and off as required.
- *
- * @param editable Indicates whether the editor should be currently
- * editable.
- */
- void setEditable(boolean editable);
-
- /**
- * This method is used to update the currently displayed text in the editor.
- *
- * @param text The text to be displayed.
- */
- void setText(byte[] text);
-
- /**
- * This method is used to retrieve the currently displayed text.
- *
- * @return The currently displayed text.
- */
- byte[] getText();
-
- /**
- * This method is used to determine whether the user has modified the
- * contents of the editor.
- *
- * @return An indication of whether the user has modified the contents of
- * the editor since the last call to
- * setText().
- */
- boolean isTextModified();
-
- /**
- * This method is used to obtain the currently selected text.
- *
- * @return The currently selected text, or
- * null if the user has not made any selection.
- */ - byte[] getSelectedText(); - - /** - * This method can be used to retrieve the bounds of the user's selection - * into the displayed text, if applicable. - * - * @return An int[2] array containing the start and end offsets of the - * user's selection within the displayed text. If the user has not made any - * selection in the current message, both offsets indicate the position of - * the caret within the editor. - */ - int[] getSelectionBounds(); - - /** - * This method is used to update the search expression that is shown in the - * search bar below the editor. The editor will automatically highlight any - * regions of the displayed text that match the search expression. - * - * @param expression The search expression. - */ - void setSearchExpression(String expression); -} diff --git a/src/teamextension/BurpTeamPanel.java b/src/teamextension/BurpTeamPanel.java index 293cb80..a05de3b 100644 --- a/src/teamextension/BurpTeamPanel.java +++ b/src/teamextension/BurpTeamPanel.java @@ -262,18 +262,20 @@ public void ancestorMoved(AncestorEvent event) { gridBagConstraints.gridy = 0; add(infoPanel, gridBagConstraints); infoPanel.setLayout(new GridLayout(1, 1, 0, 0)); - JLabel explainer = new JLabel(); - explainer.setHorizontalAlignment(SwingConstants.CENTER); + JTextArea explainer = new JTextArea(); + explainer.setLineWrap(true); + explainer.setWrapStyleWord(true); + explainer.setEditable(false); + //explainer.setHorizontalAlignment(SwingConstants.CENTER); + explainer.setText("Welcome to Burp Suite Team Collaborator!\n" + + "This extension allows you to work in tandem with multiple BurpSuite users by sharing their requests with you.\n" + + "Any request that comes through their proxy will show up in your site map as well!"); infoPanel.add(explainer); - explainer.setText("Welcome to the Burp Suite Team " + - "Collaborator!
This extension allows you to work in " + - "tandem with multiple BurpSuite users by sharing their requests " + - "with you. Any request that comes through their proxy will " + - "show up in your site map as well.\n"); + JPanel statusPanel = generatePanel(0, "Server Alerts"); statusPanel.setLayout(new BorderLayout(0, 0)); - + statusText = new JTextPane(); statusText.setEditable(false); JScrollPane scrollPane = new JScrollPane(statusText); @@ -667,11 +669,12 @@ public void ancestorRemoved(AncestorEvent event) { } @Override - public void ancestorMoved(AncestorEvent event) { + public void ancestorMoved(AncestorEvent event) { //Not needed } }); - optionsPane.addTab("Comments", commentsScrollPane); + //disabling comments. Not convinced it's all that useful, may revisit. + //optionsPane.addTab("Comments", commentsScrollPane); //end comments panel } diff --git a/target/BurpSuiteCollaborationClient.jar b/target/BurpSuiteCollaborationClient.jar index 81a51c9..3c690aa 100644 Binary files a/target/BurpSuiteCollaborationClient.jar and b/target/BurpSuiteCollaborationClient.jar differ
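Review bot: The commented-out `//explainer.setHorizontalAlignment(SwingConstants.CENTER);` left after `explainer.setEditable(false);` should be deleted rather than kept, because `JTextArea` has no `setHorizontalAlignment` and the line can never be re-enabled as written. A short comment above the new `JTextArea`, such as `// JTextArea so the welcome text wraps with the panel width`, would record why the label was replaced; that reason is inferred from the added `setLineWrap(true)` and `setWrapStyleWord(true)` calls. The enclosing method starts and ends outside the hunk.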
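Review bot: Commenting out `optionsPane.addTab("Comments", commentsScrollPane);` only hides the tab; judging by the `AncestorListener` that closes just above it and the `//end comments panel` marker, the comments panel and its listener still appear to be built and then never shown. If the feature is meant to be off, either remove that construction together with the tab or put the call behind a named switch, for example `if (COMMENTS_TAB_ENABLED) { optionsPane.addTab("Comments", commentsScrollPane); }` (constant name illustrative), so the state is explicit rather than a commented line. Whether comment data is still exchanged with teammates elsewhere in the extension cannot be seen from this hunk and is worth confirming, since hiding the UI alone would not stop it. The enclosing method begins outside the hunk.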