コード例 #1
0
 private void secondPass(IExtensionHelpers helpers) {
   publish("Second Pass...");
   publish(0);
   Set<Map<String, CorrelatedParam>> allStats = new HashSet<>();
   allStats.add(urlParameters);
   allStats.add(bodyParameters);
   allStats.add(cookieParameters);
   int x = 0;
   for (IHttpRequestResponse message : inScopeMessagesWithResponses) {
     publish(100 * x / inScopeMessagesWithResponses.size());
     x += 1;
     String responseString = helpers.bytesToString(message.getResponse());
     for (Map<String, CorrelatedParam> paramMap : allStats) {
       for (String paramName : paramMap.keySet()) {
         publish("Analyzing " + paramName + "...");
         for (CorrelatedParam param : paramMap.values()) {
           for (String value : param.getUniqueValues()) {
             if (responseString.contains(value)) {
               param.putSeenParam(value, message);
             }
           }
         }
       }
     }
   }
 }
コード例 #2
0
ファイル: Utilities.java プロジェクト: shiham101/burp-plugins
  public static byte[] convertToJSON(
      IExtensionHelpers helpers, IHttpRequestResponse requestResponse) {

    byte[] request = requestResponse.getRequest();

    if (Objects.equals(helpers.analyzeRequest(request).getMethod(), "GET")) {
      request = helpers.toggleRequestMethod(request);
    }

    IRequestInfo requestInfo = helpers.analyzeRequest(request);

    int bodyOffset = requestInfo.getBodyOffset();

    byte content_type = requestInfo.getContentType();

    String body = new String(request, bodyOffset, request.length - bodyOffset);

    String json = "";

    Boolean success = true;

    try {
      if (content_type == 3) {
        JSONObject xmlJSONObject = XML.toJSONObject(body);
        json = xmlJSONObject.toString(2);
      } else if (content_type == 0 || content_type == 1) {
        Map<String, String> params = splitQuery(body);
        Gson gson = new Gson();
        json = gson.toJson(params);
      } else {
        json = body;
      }
    } catch (Exception e) {
      success = false;
    }

    if (!success) {
      return request;
    } else {

      List<String> headers;

      headers = helpers.analyzeRequest(request).getHeaders();

      Iterator<String> iter = headers.iterator();
      while (iter.hasNext()) {
        if (iter.next().contains("Content-Type")) iter.remove();
      }

      headers.add("Content-Type: application/json;charset=UTF-8");

      return helpers.buildHttpMessage(headers, json.getBytes());
    }
  }
コード例 #3
0
ファイル: Utilities.java プロジェクト: shiham101/burp-plugins
  public static byte[] convertToXML(IExtensionHelpers helpers, IHttpRequestResponse requestResponse)
      throws Exception {

    byte[] request = requestResponse.getRequest();

    if (Objects.equals(helpers.analyzeRequest(request).getMethod(), "GET")) {
      request = helpers.toggleRequestMethod(request);
    }

    IRequestInfo requestInfo = helpers.analyzeRequest(request);

    int bodyOffset = requestInfo.getBodyOffset();

    byte content_type = requestInfo.getContentType();

    String body = new String(request, bodyOffset, request.length - bodyOffset, "UTF-8");

    DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
    Document doc =
        new Document() {
          public String getNodeName() {
            return null;
          }

          public String getNodeValue() throws DOMException {
            return null;
          }

          public void setNodeValue(String nodeValue) throws DOMException {}

          public short getNodeType() {
            return 0;
          }

          public Node getParentNode() {
            return null;
          }

          public NodeList getChildNodes() {
            return null;
          }

          public Node getFirstChild() {
            return null;
          }

          public Node getLastChild() {
            return null;
          }

          public Node getPreviousSibling() {
            return null;
          }

          public Node getNextSibling() {
            return null;
          }

          public NamedNodeMap getAttributes() {
            return null;
          }

          public Document getOwnerDocument() {
            return null;
          }

          public Node insertBefore(Node newChild, Node refChild) throws DOMException {
            return null;
          }

          public Node replaceChild(Node newChild, Node oldChild) throws DOMException {
            return null;
          }

          public Node removeChild(Node oldChild) throws DOMException {
            return null;
          }

          public Node appendChild(Node newChild) throws DOMException {
            return null;
          }

          public boolean hasChildNodes() {
            return false;
          }

          public Node cloneNode(boolean deep) {
            return null;
          }

          public void normalize() {}

          public boolean isSupported(String feature, String version) {
            return false;
          }

          public String getNamespaceURI() {
            return null;
          }

          public String getPrefix() {
            return null;
          }

          public void setPrefix(String prefix) throws DOMException {}

          public String getLocalName() {
            return null;
          }

          public boolean hasAttributes() {
            return false;
          }

          public String getBaseURI() {
            return null;
          }

          public short compareDocumentPosition(Node other) throws DOMException {
            return 0;
          }

          public String getTextContent() throws DOMException {
            return null;
          }

          public void setTextContent(String textContent) throws DOMException {}

          public boolean isSameNode(Node other) {
            return false;
          }

          public String lookupPrefix(String namespaceURI) {
            return null;
          }

          public boolean isDefaultNamespace(String namespaceURI) {
            return false;
          }

          public String lookupNamespaceURI(String prefix) {
            return null;
          }

          public boolean isEqualNode(Node arg) {
            return false;
          }

          public Object getFeature(String feature, String version) {
            return null;
          }

          public Object setUserData(String key, Object data, UserDataHandler handler) {
            return null;
          }

          public Object getUserData(String key) {
            return null;
          }

          public DocumentType getDoctype() {
            return null;
          }

          public DOMImplementation getImplementation() {
            return null;
          }

          public Element getDocumentElement() {
            return null;
          }

          public Element createElement(String tagName) throws DOMException {
            return null;
          }

          public DocumentFragment createDocumentFragment() {
            return null;
          }

          public Text createTextNode(String data) {
            return null;
          }

          public Comment createComment(String data) {
            return null;
          }

          public CDATASection createCDATASection(String data) throws DOMException {
            return null;
          }

          public ProcessingInstruction createProcessingInstruction(String target, String data)
              throws DOMException {
            return null;
          }

          public Attr createAttribute(String name) throws DOMException {
            return null;
          }

          public EntityReference createEntityReference(String name) throws DOMException {
            return null;
          }

          public NodeList getElementsByTagName(String tagname) {
            return null;
          }

          public Node importNode(Node importedNode, boolean deep) throws DOMException {
            return null;
          }

          public Element createElementNS(String namespaceURI, String qualifiedName)
              throws DOMException {
            return null;
          }

          public Attr createAttributeNS(String namespaceURI, String qualifiedName)
              throws DOMException {
            return null;
          }

          public NodeList getElementsByTagNameNS(String namespaceURI, String localName) {
            return null;
          }

          public Element getElementById(String elementId) {
            return null;
          }

          public String getInputEncoding() {
            return null;
          }

          public String getXmlEncoding() {
            return null;
          }

          public boolean getXmlStandalone() {
            return false;
          }

          public void setXmlStandalone(boolean xmlStandalone) throws DOMException {}

          public String getXmlVersion() {
            return null;
          }

          public void setXmlVersion(String xmlVersion) throws DOMException {}

          public boolean getStrictErrorChecking() {
            return false;
          }

          public void setStrictErrorChecking(boolean strictErrorChecking) {}

          public String getDocumentURI() {
            return null;
          }

          public void setDocumentURI(String documentURI) {}

          public Node adoptNode(Node source) throws DOMException {
            return null;
          }

          public DOMConfiguration getDomConfig() {
            return null;
          }

          public void normalizeDocument() {}

          public Node renameNode(Node n, String namespaceURI, String qualifiedName)
              throws DOMException {
            return null;
          }
        };

    StringBuilder xml = new StringBuilder();
    xml.append("<?xml version=\"1.0\" encoding=\"UTF-8\" ?>");
    xml.append("<root>");

    if (content_type == 0 || content_type == 1) {

      Map<String, String> params = splitQuery(body);
      Gson gson = new Gson();
      body = gson.toJson(params);
    }

    Boolean success = true;

    try {
      JSONObject json = new JSONObject(body);

      xml.append(XML.toString(json));
      xml.append("</root>");

      DocumentBuilder builder = factory.newDocumentBuilder();

      ByteArrayInputStream input = new ByteArrayInputStream(xml.toString().getBytes("UTF-8"));
      doc = builder.parse(input);

    } catch (Exception e) {
      success = false;
    }

    if (!success) {
      return null;
    } else {

      List<String> headers;

      headers = helpers.analyzeRequest(request).getHeaders();

      Iterator<String> iter = headers.iterator();
      while (iter.hasNext()) {
        if (iter.next().contains("Content-Type")) iter.remove();
      }

      headers.add("Content-Type: application/xml;charset=UTF-8");

      return helpers.buildHttpMessage(headers, prettyPrint(doc).getBytes());
    }
  }