public static byte[] convertToJSON(
IExtensionHelpers helpers, IHttpRequestResponse requestResponse) {
byte[] request = requestResponse.getRequest();
if (Objects.equals(helpers.analyzeRequest(request).getMethod(), "GET")) {
request = helpers.toggleRequestMethod(request);
}
IRequestInfo requestInfo = helpers.analyzeRequest(request);
int bodyOffset = requestInfo.getBodyOffset();
byte content_type = requestInfo.getContentType();
String body = new String(request, bodyOffset, request.length - bodyOffset);
String json = "";
Boolean success = true;
try {
if (content_type == 3) {
JSONObject xmlJSONObject = XML.toJSONObject(body);
json = xmlJSONObject.toString(2);
} else if (content_type == 0 || content_type == 1) {
Map<String, String> params = splitQuery(body);
Gson gson = new Gson();
json = gson.toJson(params);
} else {
json = body;
}
} catch (Exception e) {
success = false;
}
if (!success) {
return request;
} else {
List<String> headers;
headers = helpers.analyzeRequest(request).getHeaders();
Iterator<String> iter = headers.iterator();
while (iter.hasNext()) {
if (iter.next().contains("Content-Type")) iter.remove();
}
headers.add("Content-Type: application/json;charset=UTF-8");
return helpers.buildHttpMessage(headers, json.getBytes());
}
}
public static byte[] convertToXML(IExtensionHelpers helpers, IHttpRequestResponse requestResponse)
throws Exception {
byte[] request = requestResponse.getRequest();
if (Objects.equals(helpers.analyzeRequest(request).getMethod(), "GET")) {
request = helpers.toggleRequestMethod(request);
}
IRequestInfo requestInfo = helpers.analyzeRequest(request);
int bodyOffset = requestInfo.getBodyOffset();
byte content_type = requestInfo.getContentType();
String body = new String(request, bodyOffset, request.length - bodyOffset, "UTF-8");
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
Document doc =
new Document() {
public String getNodeName() {
return null;
}
public String getNodeValue() throws DOMException {
return null;
}
public void setNodeValue(String nodeValue) throws DOMException {}
public short getNodeType() {
return 0;
}
public Node getParentNode() {
return null;
}
public NodeList getChildNodes() {
return null;
}
public Node getFirstChild() {
return null;
}
public Node getLastChild() {
return null;
}
public Node getPreviousSibling() {
return null;
}
public Node getNextSibling() {
return null;
}
public NamedNodeMap getAttributes() {
return null;
}
public Document getOwnerDocument() {
return null;
}
public Node insertBefore(Node newChild, Node refChild) throws DOMException {
return null;
}
public Node replaceChild(Node newChild, Node oldChild) throws DOMException {
return null;
}
public Node removeChild(Node oldChild) throws DOMException {
return null;
}
public Node appendChild(Node newChild) throws DOMException {
return null;
}
public boolean hasChildNodes() {
return false;
}
public Node cloneNode(boolean deep) {
return null;
}
public void normalize() {}
public boolean isSupported(String feature, String version) {
return false;
}
public String getNamespaceURI() {
return null;
}
public String getPrefix() {
return null;
}
public void setPrefix(String prefix) throws DOMException {}
public String getLocalName() {
return null;
}
public boolean hasAttributes() {
return false;
}
public String getBaseURI() {
return null;
}
public short compareDocumentPosition(Node other) throws DOMException {
return 0;
}
public String getTextContent() throws DOMException {
return null;
}
public void setTextContent(String textContent) throws DOMException {}
public boolean isSameNode(Node other) {
return false;
}
public String lookupPrefix(String namespaceURI) {
return null;
}
public boolean isDefaultNamespace(String namespaceURI) {
return false;
}
public String lookupNamespaceURI(String prefix) {
return null;
}
public boolean isEqualNode(Node arg) {
return false;
}
public Object getFeature(String feature, String version) {
return null;
}
public Object setUserData(String key, Object data, UserDataHandler handler) {
return null;
}
public Object getUserData(String key) {
return null;
}
public DocumentType getDoctype() {
return null;
}
public DOMImplementation getImplementation() {
return null;
}
public Element getDocumentElement() {
return null;
}
public Element createElement(String tagName) throws DOMException {
return null;
}
public DocumentFragment createDocumentFragment() {
return null;
}
public Text createTextNode(String data) {
return null;
}
public Comment createComment(String data) {
return null;
}
public CDATASection createCDATASection(String data) throws DOMException {
return null;
}
public ProcessingInstruction createProcessingInstruction(String target, String data)
throws DOMException {
return null;
}
public Attr createAttribute(String name) throws DOMException {
return null;
}
public EntityReference createEntityReference(String name) throws DOMException {
return null;
}
public NodeList getElementsByTagName(String tagname) {
return null;
}
public Node importNode(Node importedNode, boolean deep) throws DOMException {
return null;
}
public Element createElementNS(String namespaceURI, String qualifiedName)
throws DOMException {
return null;
}
public Attr createAttributeNS(String namespaceURI, String qualifiedName)
throws DOMException {
return null;
}
public NodeList getElementsByTagNameNS(String namespaceURI, String localName) {
return null;
}
public Element getElementById(String elementId) {
return null;
}
public String getInputEncoding() {
return null;
}
public String getXmlEncoding() {
return null;
}
public boolean getXmlStandalone() {
return false;
}
public void setXmlStandalone(boolean xmlStandalone) throws DOMException {}
public String getXmlVersion() {
return null;
}
public void setXmlVersion(String xmlVersion) throws DOMException {}
public boolean getStrictErrorChecking() {
return false;
}
public void setStrictErrorChecking(boolean strictErrorChecking) {}
public String getDocumentURI() {
return null;
}
public void setDocumentURI(String documentURI) {}
public Node adoptNode(Node source) throws DOMException {
return null;
}
public DOMConfiguration getDomConfig() {
return null;
}
public void normalizeDocument() {}
public Node renameNode(Node n, String namespaceURI, String qualifiedName)
throws DOMException {
return null;
}
};
StringBuilder xml = new StringBuilder();
xml.append("<?xml version=\"1.0\" encoding=\"UTF-8\" ?>");
xml.append("<root>");
if (content_type == 0 || content_type == 1) {
Map<String, String> params = splitQuery(body);
Gson gson = new Gson();
body = gson.toJson(params);
}
Boolean success = true;
try {
JSONObject json = new JSONObject(body);
xml.append(XML.toString(json));
xml.append("</root>");
DocumentBuilder builder = factory.newDocumentBuilder();
ByteArrayInputStream input = new ByteArrayInputStream(xml.toString().getBytes("UTF-8"));
doc = builder.parse(input);
} catch (Exception e) {
success = false;
}
if (!success) {
return null;
} else {
List<String> headers;
headers = helpers.analyzeRequest(request).getHeaders();
Iterator<String> iter = headers.iterator();
while (iter.hasNext()) {
if (iter.next().contains("Content-Type")) iter.remove();
}
headers.add("Content-Type: application/xml;charset=UTF-8");
return helpers.buildHttpMessage(headers, prettyPrint(doc).getBytes());
}
}
/**
* Analyze and categorize each of the parameters in scope.
*
* @param helpers The standard burp ExtensionHelpers object.
* @param messages The set of request messages to be processed.
*/
private void firstPass(IExtensionHelpers helpers, IHttpRequestResponse[] messages) {
publish("Examining parameters...");
for (int i = 0; i < messages.length; i++) {
publish(100 * i / messages.length);
messages[i].getHttpService();
// Analyze response for cookies
if (messages[i].getResponse() != null) {
IResponseInfo responseInfo = helpers.analyzeResponse(messages[i].getResponse());
List<String> headers = responseInfo.getHeaders();
for (String header : headers) {
if (startsWithIgnoreCase(header, "set-cookie:")) {
processCookieHeader(header);
}
}
}
IRequestInfo requestInfo = helpers.analyzeRequest(messages[i]);
if (callbacks.isInScope(requestInfo.getUrl())) {
byte[] responseBytes = messages[i].getResponse();
String responseString = "";
if (responseBytes != null) {
responseString = helpers.bytesToString(responseBytes);
inScopeMessagesWithResponses.add(messages[i]);
}
List<IParameter> params = requestInfo.getParameters();
for (IParameter param : params) {
if ((!ignoreEmpty || param.getValue().length() > 0)
&& !ignoreList.contains(param.getName())) {
int type = param.getType();
Map<String, CorrelatedParam> paramMap;
switch (type) {
case IParameter.PARAM_URL:
paramMap = urlParameters;
break;
case IParameter.PARAM_BODY:
paramMap = bodyParameters;
break;
case IParameter.PARAM_COOKIE:
paramMap = cookieParameters;
break;
case IParameter.PARAM_JSON:
paramMap = jsonParameters;
break;
default:
paramMap = null;
// nothing
}
if (paramMap != null) {
if (messages[i] == null) {
callbacks.printOutput("Warning... adding null message!");
}
if (paramMap.containsKey(param.getName())) {
paramMap
.get(param.getName())
.put(param, messages[i], requestInfo, responseString, helpers);
} else {
paramMap.put(
param.getName(),
new CorrelatedParam(param, messages[i], requestInfo, responseString, helpers));
}
}
}
}
}
}
}