@Override protected String doInBackground() throws Exception { publish("Starting..."); IExtensionHelpers helpers = callbacks.getHelpers(); publish(0); IHttpRequestResponse[] messages = callbacks.getProxyHistory(); if (messages.length == 0) { publish(100); } else { firstPass(helpers, messages); parameterFormatAnalysis(); // secondPass(helpers); This is just too darn slow as it is now... need to rethink it. } return ""; }
@Override protected void done() { super.done(); try { this.get(); listener.done(); } catch (InterruptedException e) { listener.setStatus("Interrupted Exception: " + e.getMessage()); e.printStackTrace(new PrintStream(callbacks.getStderr())); } catch (ExecutionException e) { listener.setStatus("Execution Exception: " + e.getMessage()); e.printStackTrace(new PrintStream(callbacks.getStderr())); } catch (Throwable e) { listener.setStatus(e.getMessage()); e.printStackTrace(new PrintStream(callbacks.getStderr())); } }
/** * Analyze and categorize each of the parameters in scope. * * @param helpers The standard burp ExtensionHelpers object. * @param messages The set of request messages to be processed. */ private void firstPass(IExtensionHelpers helpers, IHttpRequestResponse[] messages) { publish("Examining parameters..."); for (int i = 0; i < messages.length; i++) { publish(100 * i / messages.length); messages[i].getHttpService(); // Analyze response for cookies if (messages[i].getResponse() != null) { IResponseInfo responseInfo = helpers.analyzeResponse(messages[i].getResponse()); List<String> headers = responseInfo.getHeaders(); for (String header : headers) { if (startsWithIgnoreCase(header, "set-cookie:")) { processCookieHeader(header); } } } IRequestInfo requestInfo = helpers.analyzeRequest(messages[i]); if (callbacks.isInScope(requestInfo.getUrl())) { byte[] responseBytes = messages[i].getResponse(); String responseString = ""; if (responseBytes != null) { responseString = helpers.bytesToString(responseBytes); inScopeMessagesWithResponses.add(messages[i]); } List<IParameter> params = requestInfo.getParameters(); for (IParameter param : params) { if ((!ignoreEmpty || param.getValue().length() > 0) && !ignoreList.contains(param.getName())) { int type = param.getType(); Map<String, CorrelatedParam> paramMap; switch (type) { case IParameter.PARAM_URL: paramMap = urlParameters; break; case IParameter.PARAM_BODY: paramMap = bodyParameters; break; case IParameter.PARAM_COOKIE: paramMap = cookieParameters; break; case IParameter.PARAM_JSON: paramMap = jsonParameters; break; default: paramMap = null; // nothing } if (paramMap != null) { if (messages[i] == null) { callbacks.printOutput("Warning... adding null message!"); } if (paramMap.containsKey(param.getName())) { paramMap .get(param.getName()) .put(param, messages[i], requestInfo, responseString, helpers); } else { paramMap.put( param.getName(), new CorrelatedParam(param, messages[i], requestInfo, responseString, helpers)); } } } } } } }