private void secondPass(IExtensionHelpers helpers) {
publish("Second Pass...");
publish(0);
Set<Map<String, CorrelatedParam>> allStats = new HashSet<>();
allStats.add(urlParameters);
allStats.add(bodyParameters);
allStats.add(cookieParameters);
int x = 0;
for (IHttpRequestResponse message : inScopeMessagesWithResponses) {
publish(100 * x / inScopeMessagesWithResponses.size());
x += 1;
String responseString = helpers.bytesToString(message.getResponse());
for (Map<String, CorrelatedParam> paramMap : allStats) {
for (String paramName : paramMap.keySet()) {
publish("Analyzing " + paramName + "...");
for (CorrelatedParam param : paramMap.values()) {
for (String value : param.getUniqueValues()) {
if (responseString.contains(value)) {
param.putSeenParam(value, message);
}
}
}
}
}
}
}
public void processCookieHeader(String header) {
String[] parts = header.substring("set-cookie:".length()).split(";");
boolean httpOnly = false;
boolean secure = false;
String name = "";
int count = 0;
for (String part : parts) {
String[] pair = part.split("=");
String key = pair[0].trim().toUpperCase();
switch (key) {
case "HTTPONLY":
httpOnly = true;
break;
case "SECURE":
secure = true;
break;
default:
// pass
}
if (count == 0) {
name = pair[0].trim();
}
count += 1;
}
if (!name.isEmpty()) {
CookieStatistics cs;
if (cookieStatistics.get(name) != null) {
cs = cookieStatistics.get(name);
} else {
cs = new CookieStatistics(name);
cookieStatistics.put(name, cs);
}
cs.addCookieValues(httpOnly, secure);
}
}
private void parameterFormatAnalysis() {
publish("Parameter Format Analysis...");
int total =
urlParameters.size()
+ bodyParameters.size()
+ cookieParameters.size()
+ jsonParameters.size();
int i = 0;
publish(0);
for (CorrelatedParam cp : urlParameters.values()) {
cp.analyzeAll(callbacks);
i += 1;
publish(100 * i / total);
}
for (CorrelatedParam cp : bodyParameters.values()) {
cp.analyzeAll(callbacks);
i += 1;
publish(100 * i / total);
}
for (CorrelatedParam cp : cookieParameters.values()) {
cp.analyzeAll(callbacks);
i += 1;
publish(100 * i / total);
}
for (CorrelatedParam cp : jsonParameters.values()) {
cp.analyzeAll(callbacks);
i += 1;
publish(100 * i / total);
}
}
/**
* Analyze and categorize each of the parameters in scope.
*
* @param helpers The standard burp ExtensionHelpers object.
* @param messages The set of request messages to be processed.
*/
private void firstPass(IExtensionHelpers helpers, IHttpRequestResponse[] messages) {
publish("Examining parameters...");
for (int i = 0; i < messages.length; i++) {
publish(100 * i / messages.length);
messages[i].getHttpService();
// Analyze response for cookies
if (messages[i].getResponse() != null) {
IResponseInfo responseInfo = helpers.analyzeResponse(messages[i].getResponse());
List<String> headers = responseInfo.getHeaders();
for (String header : headers) {
if (startsWithIgnoreCase(header, "set-cookie:")) {
processCookieHeader(header);
}
}
}
IRequestInfo requestInfo = helpers.analyzeRequest(messages[i]);
if (callbacks.isInScope(requestInfo.getUrl())) {
byte[] responseBytes = messages[i].getResponse();
String responseString = "";
if (responseBytes != null) {
responseString = helpers.bytesToString(responseBytes);
inScopeMessagesWithResponses.add(messages[i]);
}
List<IParameter> params = requestInfo.getParameters();
for (IParameter param : params) {
if ((!ignoreEmpty || param.getValue().length() > 0)
&& !ignoreList.contains(param.getName())) {
int type = param.getType();
Map<String, CorrelatedParam> paramMap;
switch (type) {
case IParameter.PARAM_URL:
paramMap = urlParameters;
break;
case IParameter.PARAM_BODY:
paramMap = bodyParameters;
break;
case IParameter.PARAM_COOKIE:
paramMap = cookieParameters;
break;
case IParameter.PARAM_JSON:
paramMap = jsonParameters;
break;
default:
paramMap = null;
// nothing
}
if (paramMap != null) {
if (messages[i] == null) {
callbacks.printOutput("Warning... adding null message!");
}
if (paramMap.containsKey(param.getName())) {
paramMap
.get(param.getName())
.put(param, messages[i], requestInfo, responseString, helpers);
} else {
paramMap.put(
param.getName(),
new CorrelatedParam(param, messages[i], requestInfo, responseString, helpers));
}
}
}
}
}
}
}