buby 1.3.3-java → 1.5.0-java

data/ext/burp_interfaces/burp/IContextMenuFactory.java

@@ -0,0 +1,38 @@
+package burp;
+
+/*
+ * @(#)IContextMenuFactory.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+import java.util.List;
+import javax.swing.JMenuItem;
+
+/**
+ * Extensions can implement this interface and then call
+ * <code>IBurpExtenderCallbacks.registerContextMenuFactory()</code> to register
+ * a factory for custom context menu items.
+ */
+public interface IContextMenuFactory
+{
+    /**
+     * This method will be called by Burp when the user invokes a context menu
+     * anywhere within Burp. The factory can then provide any custom context
+     * menu items that should be displayed in the context menu, based on the
+     * details of the menu invocation.
+     *
+     * @param invocation An object that implements the
+     * <code>IMessageEditorTabFactory</code> interface, which the extension can
+     * query to obtain details of the context menu invocation.
+     * @return A list of custom menu items (which may include sub-menus,
+     * checkbox menu items, etc.) that should be displayed. Extensions may
+     * return
+     * <code>null</code> from this method, to indicate that no menu items are
+     * required.
+     */
+    List<JMenuItem> createMenuItems(IContextMenuInvocation invocation);
+}

data/ext/burp_interfaces/burp/IContextMenuInvocation.java

@@ -0,0 +1,156 @@
+package burp;
+
+/*
+ * @(#)IContextMenuInvocation.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+import java.awt.event.InputEvent;
+
+/**
+ * This interface is used when Burp calls into an extension-provided
+ * <code>IContextMenuFactory</code> with details of a context menu invocation.
+ * The custom context menu factory can query this interface to obtain details of
+ * the invocation event, in order to determine what menu items should be
+ * displayed.
+ */
+public interface IContextMenuInvocation
+{
+    /**
+     * Used to indicate that the context menu is being invoked in a request
+     * editor.
+     */
+    static final byte CONTEXT_MESSAGE_EDITOR_REQUEST = 0;
+    /**
+     * Used to indicate that the context menu is being invoked in a response
+     * editor.
+     */
+    static final byte CONTEXT_MESSAGE_EDITOR_RESPONSE = 1;
+    /**
+     * Used to indicate that the context menu is being invoked in a non-editable
+     * request viewer.
+     */
+    static final byte CONTEXT_MESSAGE_VIEWER_REQUEST = 2;
+    /**
+     * Used to indicate that the context menu is being invoked in a non-editable
+     * response viewer.
+     */
+    static final byte CONTEXT_MESSAGE_VIEWER_RESPONSE = 3;
+    /**
+     * Used to indicate that the context menu is being invoked in the Target
+     * site map tree.
+     */
+    static final byte CONTEXT_TARGET_SITE_MAP_TREE = 4;
+    /**
+     * Used to indicate that the context menu is being invoked in the Target
+     * site map table.
+     */
+    static final byte CONTEXT_TARGET_SITE_MAP_TABLE = 5;
+    /**
+     * Used to indicate that the context menu is being invoked in the Proxy
+     * history.
+     */
+    static final byte CONTEXT_PROXY_HISTORY = 6;
+    /**
+     * Used to indicate that the context menu is being invoked in the Scanner
+     * results.
+     */
+    static final byte CONTEXT_SCANNER_RESULTS = 7;
+    /**
+     * Used to indicate that the context menu is being invoked in the Intruder
+     * payload positions editor.
+     */
+    static final byte CONTEXT_INTRUDER_PAYLOAD_POSITIONS = 8;
+    /**
+     * Used to indicate that the context menu is being invoked in an Intruder
+     * attack results.
+     */
+    static final byte CONTEXT_INTRUDER_ATTACK_RESULTS = 9;
+    /**
+     * Used to indicate that the context menu is being invoked in a search
+     * results window.
+     */
+    static final byte CONTEXT_SEARCH_RESULTS = 10;
+
+    /**
+     * This method can be used to retrieve the native Java input event that was
+     * the trigger for the context menu invocation.
+     *
+     * @return The <code>InputEvent</code> that was the trigger for the context
+     * menu invocation.
+     */
+    InputEvent getInputEvent();
+
+    /**
+     * This method can be used to retrieve the Burp tool within which the
+     * context menu was invoked.
+     *
+     * @return A flag indicating the Burp tool within which the context menu was
+     * invoked. Burp tool flags are defined in the
+     * <code>IBurpExtenderCallbacks</code> interface.
+     */
+    int getToolFlag();
+
+    /**
+     * This method can be used to retrieve the context within which the menu was
+     * invoked.
+     *
+     * @return An index indicating the context within which the menu was
+     * invoked. The indices used are defined within this interface.
+     */
+    byte getInvocationContext();
+
+    /**
+     * This method can be used to retrieve the bounds of the user's selection
+     * into the current message, if applicable.
+     *
+     * @return An int[2] array containing the start and end offsets of the
+     * user's selection in the current message. If the user has not made any
+     * selection in the current message, both offsets indicate the position of
+     * the caret within the editor. If the menu is not being invoked from a
+     * message editor, the method returns <code>null</code>.
+     */
+    int[] getSelectionBounds();
+
+    /**
+     * This method can be used to retrieve details of the HTTP requests /
+     * responses that were shown or selected by the user when the context menu
+     * was invoked.
+     *
+     * <b>Note:</b> For performance reasons, the objects returned from this
+     * method are tied to the originating context of the messages within the
+     * Burp UI. For example, if a context menu is invoked on the Proxy intercept
+     * panel, then the
+     * <code>IHttpRequestResponse</code> returned by this method will reflect
+     * the current contents of the interception panel, and this will change when
+     * the current message has been forwarded or dropped. If your extension
+     * needs to store details of the message for which the context menu has been
+     * invoked, then you should query those details from the
+     * <code>IHttpRequestResponse</code> at the time of invocation, or you
+     * should use
+     * <code>IBurpExtenderCallbacks.saveBuffersToTempFiles()</code> to create a
+     * persistent read-only copy of the
+     * <code>IHttpRequestResponse</code>.
+     *
+     * @return An array of <code>IHttpRequestResponse</code> objects
+     * representing the items that were shown or selected by the user when the
+     * context menu was invoked. This method returns <code>null</code> if no
+     * messages are applicable to the invocation.
+     */
+    IHttpRequestResponse[] getSelectedMessages();
+
+    /**
+     * This method can be used to retrieve details of the Scanner issues that
+     * were selected by the user when the context menu was invoked.
+     *
+     * @return An array of <code>IScanIssue</code> objects representing the
+     * issues that were selected by the user when the context menu was invoked.
+     * This method returns <code>null</code> if no Scanner issues are applicable
+     * to the invocation.
+     */
+    IScanIssue[] getSelectedIssues();
+}

data/ext/burp_interfaces/burp/ICookie.java

@@ -0,0 +1,53 @@
+package burp;
+
+/*
+ * @(#)ICookie.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+import java.util.Date;
+
+/**
+ * This interface is used to hold details about an HTTP cookie.
+ */
+public interface ICookie
+{
+    /**
+     * This method is used to retrieve the domain for which the cookie is in
+     * scope.
+     *
+     * @return The domain for which the cookie is in scope. <b>Note:</b> For
+     * cookies that have been analyzed from responses (by calling
+     * <code>IExtensionHelpers.analyzeResponse()</code> and then
+     * <code>IResponseInfo.getCookies()</code>, the domain will be
+     * <code>null</code> if the response did not explicitly set a domain
+     * attribute for the cookie.
+     */
+    String getDomain();
+
+    /**
+     * This method is used to retrieve the expiration time for the cookie.
+     *
+     * @return The expiration time for the cookie, or
+     * <code>null</code> if none is set (i.e., for non-persistent session
+     * cookies).
+     */
+    Date getExpiration();
+
+    /**
+     * This method is used to retrieve the name of the cookie.
+     * 
+     * @return The name of the cookie.
+     */
+    String getName();
+
+    /**
+     * This method is used to retrieve the value of the cookie.
+     * @return The value of the cookie.
+     */
+    String getValue();
+}

data/ext/burp_interfaces/burp/IExtensionHelpers.java

@@ -0,0 +1,352 @@
+package burp;
+
+/*
+ * @(#)IExtensionHelpers.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+import java.net.URL;
+import java.util.List;
+
+/**
+ * This interface contains a number of helper methods, which extensions can use
+ * to assist with various common tasks that arise for Burp extensions.
+ *
+ * Extensions can call
+ * <code>IBurpExtenderCallbacks.getHelpers</code> to obtain an instance of this
+ * interface.
+ */
+public interface IExtensionHelpers
+{
+    /**
+     * This method can be used to analyze an HTTP request, and obtain various
+     * key details about it.
+     *
+     * @param request An
+     * <code>IHttpRequestResponse</code> object containing the request to be
+     * analyzed.
+     * @return An
+     * <code>IRequestInfo</code> object that can be queried to obtain details
+     * about the request.
+     */
+    IRequestInfo analyzeRequest(IHttpRequestResponse request);
+
+    /**
+     * This method can be used to analyze an HTTP request, and obtain various
+     * key details about it.
+     *
+     * @param httpService The HTTP service associated with the request. This is
+     * optional and may be
+     * <code>null</code>, in which case the resulting
+     * <code>IRequestInfo</code> object will not include the full request URL.
+     * @param request The request to be analyzed.
+     * @return An
+     * <code>IRequestInfo</code> object that can be queried to obtain details
+     * about the request.
+     */
+    IRequestInfo analyzeRequest(IHttpService httpService, byte[] request);
+
+    /**
+     * This method can be used to analyze an HTTP request, and obtain various
+     * key details about it. The resulting
+     * <code>IRequestInfo</code> object will not include the full request URL.
+     * To obtain the full URL, use one of the other overloaded
+     * <code>analyzeRequest()</code> methods.
+     *
+     * @param request The request to be analyzed.
+     * @return An
+     * <code>IRequestInfo</code> object that can be queried to obtain details
+     * about the request.
+     */
+    IRequestInfo analyzeRequest(byte[] request);
+
+    /**
+     * This method can be used to analyze an HTTP response, and obtain various
+     * key details about it.
+     *
+     * @param response The response to be analyzed.
+     * @return An
+     * <code>IResponseInfo</code> object that can be queried to obtain details
+     * about the response.
+     */
+    IResponseInfo analyzeResponse(byte[] response);
+
+    /**
+     * This method can be used to retrieve details of a specified parameter
+     * within an HTTP request. <b>Note:</b> Use
+     * <code>analyzeRequest()</code> to obtain details of all parameters within
+     * the request.
+     *
+     * @param request The request to be inspected for the specified parameter.
+     * @param parameterName The name of the parameter to retrieve.
+     * @return An
+     * <code>IParameter</code> object that can be queried to obtain details
+     * about the parameter, or
+     * <code>null</code> if the parameter was not found.
+     */
+    IParameter getRequestParameter(byte[] request, String parameterName);
+
+    /**
+     * This method can be used to URL-decode the specified data.
+     *
+     * @param data The data to be decoded.
+     * @return The decoded data.
+     */
+    String urlDecode(String data);
+
+    /**
+     * This method can be used to URL-encode the specified data. Any characters
+     * that do not need to be encoded within HTTP requests are not encoded.
+     *
+     * @param data The data to be encoded.
+     * @return The encoded data.
+     */
+    String urlEncode(String data);
+
+    /**
+     * This method can be used to URL-decode the specified data.
+     *
+     * @param data The data to be decoded.
+     * @return The decoded data.
+     */
+    byte[] urlDecode(byte[] data);
+
+    /**
+     * This method can be used to URL-encode the specified data. Any characters
+     * that do not need to be encoded within HTTP requests are not encoded.
+     *
+     * @param data The data to be encoded.
+     * @return The encoded data.
+     */
+    byte[] urlEncode(byte[] data);
+
+    /**
+     * This method can be used to Base64-decode the specified data.
+     *
+     * @param data The data to be decoded.
+     * @return The decoded data.
+     */
+    byte[] base64Decode(String data);
+
+    /**
+     * This method can be used to Base64-decode the specified data.
+     *
+     * @param data The data to be decoded.
+     * @return The decoded data.
+     */
+    byte[] base64Decode(byte[] data);
+
+    /**
+     * This method can be used to Base64-encode the specified data.
+     *
+     * @param data The data to be encoded.
+     * @return The encoded data.
+     */
+    String base64Encode(String data);
+
+    /**
+     * This method can be used to Base64-encode the specified data.
+     *
+     * @param data The data to be encoded.
+     * @return The encoded data.
+     */
+    String base64Encode(byte[] data);
+
+    /**
+     * This method can be used to convert data from String form into an array of
+     * bytes. The conversion does not reflect any particular character set, and
+     * a character with the hex representation 0xWXYZ will always be converted
+     * into a byte with the representation 0xYZ. It performs the opposite
+     * conversion to the method
+     * <code>bytesToString()</code>, and byte-based data that is converted to a
+     * String and back again using these two methods is guaranteed to retain its
+     * integrity (which may not be the case with conversions that reflect a
+     * given character set).
+     *
+     * @param data The data to be converted.
+     * @return The converted data.
+     */
+    byte[] stringToBytes(String data);
+
+    /**
+     * This method can be used to convert data from an array of bytes into
+     * String form. The conversion does not reflect any particular character
+     * set, and a byte with the representation 0xYZ will always be converted
+     * into a character with the hex representation 0x00YZ. It performs the
+     * opposite conversion to the method
+     * <code>stringToBytes()</code>, and byte-based data that is converted to a
+     * String and back again using these two methods is guaranteed to retain its
+     * integrity (which may not be the case with conversions that reflect a
+     * given character set).
+     *
+     * @param data The data to be converted.
+     * @return The converted data.
+     */
+    String bytesToString(byte[] data);
+
+    /**
+     * This method searches a piece of data for the first occurrence of a
+     * specified pattern. It works on byte-based data in a way that is similar
+     * to the way the native Java method
+     * <code>String.indexOf()</code> works on String-based data.
+     *
+     * @param data The data to be searched.
+     * @param pattern The pattern to be searched for.
+     * @param caseSensitive Flags whether or not the search is case-sensitive.
+     * @param from The offset within
+     * <code>data</code> where the search should begin.
+     * @param to The offset within
+     * <code>data</code> where the search should end.
+     * @return The offset of the first occurrence of the pattern within the
+     * specified bounds, or -1 if no match is found.
+     */
+    int indexOf(byte[] data,
+            byte[] pattern,
+            boolean caseSensitive,
+            int from,
+            int to);
+
+    /**
+     * This method builds an HTTP message containing the specified headers and
+     * message body. If applicable, the Content-Length header will be added or
+     * updated, based on the length of the body.
+     *
+     * @param headers A list of headers to include in the message.
+     * @param body The body of the message, of
+     * <code>null</code> if the message has an empty body.
+     * @return The resulting full HTTP message.
+     */
+    byte[] buildHttpMessage(List<String> headers, byte[] body);
+
+    /**
+     * This method creates a GET request to the specified URL. The headers used
+     * in the request are determined by the Request headers settings as
+     * configured in Burp Spider's options.
+     *
+     * @param url The URL to which the request should be made.
+     * @return A request to the specified URL.
+     */
+    byte[] buildHttpRequest(URL url);
+
+    /**
+     * This method adds a new parameter to an HTTP request, and if appropriate
+     * updates the Content-Length header.
+     *
+     * @param request The request to which the parameter should be added.
+     * @param parameter An
+     * <code>IParameter</code> object containing details of the parameter to be
+     * added. Supported parameter types are:
+     * <code>PARAM_URL</code>,
+     * <code>PARAM_BODY</code> and
+     * <code>PARAM_COOKIE</code>.
+     * @return A new HTTP request with the new parameter added.
+     */
+    byte[] addParameter(byte[] request, IParameter parameter);
+
+    /**
+     * This method removes a parameter from an HTTP request, and if appropriate
+     * updates the Content-Length header.
+     *
+     * @param request The request from which the parameter should be removed.
+     * @param parameter An
+     * <code>IParameter</code> object containing details of the parameter to be
+     * removed. Supported parameter types are:
+     * <code>PARAM_URL</code>,
+     * <code>PARAM_BODY</code> and
+     * <code>PARAM_COOKIE</code>.
+     * @return A new HTTP request with the parameter removed.
+     */
+    byte[] removeParameter(byte[] request, IParameter parameter);
+
+    /**
+     * This method updates the value of a parameter within an HTTP request, and
+     * if appropriate updates the Content-Length header. <b>Note:</b> This
+     * method can only be used to update the value of an existing parameter of a
+     * specified type. If you need to change the type of an existing parameter,
+     * you should first call
+     * <code>removeParameter()</code> to remove the parameter with the old type,
+     * and then call
+     * <code>addParameter()</code> to add a parameter with the new type.
+     *
+     * @param request The request containing the parameter to be updated.
+     * @param parameter An
+     * <code>IParameter</code> object containing details of the parameter to be
+     * updated. Supported parameter types are:
+     * <code>PARAM_URL</code>,
+     * <code>PARAM_BODY</code> and
+     * <code>PARAM_COOKIE</code>.
+     * @return A new HTTP request with the parameter updated.
+     */
+    byte[] updateParameter(byte[] request, IParameter parameter);
+
+    /**
+     * This method can be used to toggle a request's method between GET and
+     * POST. Parameters are relocated between the URL query string and message
+     * body as required, and the Content-Length header is created or removed as
+     * applicable.
+     *
+     * @param request The HTTP request whose method should be toggled.
+     * @return A new HTTP request using the toggled method.
+     */
+    byte[] toggleRequestMethod(byte[] request);
+
+    /**
+     * This method constructs an
+     * <code>IHttpService</code> object based on the details provided.
+     *
+     * @param host The HTTP service host.
+     * @param port The HTTP service port.
+     * @param protocol The HTTP service protocol.
+     * @return An
+     * <code>IHttpService</code> object based on the details provided.
+     */
+    IHttpService buildHttpService(String host, int port, String protocol);
+
+    /**
+     * This method constructs an
+     * <code>IHttpService</code> object based on the details provided.
+     *
+     * @param host The HTTP service host.
+     * @param port The HTTP service port.
+     * @param useHttps Flags whether the HTTP service protocol is HTTPS or HTTP.
+     * @return An
+     * <code>IHttpService</code> object based on the details provided.
+     */
+    IHttpService buildHttpService(String host, int port, boolean useHttps);
+
+    /**
+     * This method constructs an
+     * <code>IParameter</code> object based on the details provided.
+     *
+     * @param name The parameter name.
+     * @param value The parameter value.
+     * @param type The parameter type, as defined in the
+     * <code>IParameter</code> interface.
+     * @return An
+     * <code>IParameter</code> object based on the details provided.
+     */
+    IParameter buildParameter(String name, String value, byte type);
+
+    /**
+     * This method constructs an
+     * <code>IScannerInsertionPoint</code> object based on the details provided.
+     * It can be used to quickly create a simple insertion point based on a
+     * fixed payload location within a base request.
+     *
+     * @param insertionPointName The name of the insertion point.
+     * @param baseRequest The request from which to build scan requests.
+     * @param from The offset of the start of the payload location.
+     * @param to The offset of the end of the payload location.
+     * @return An
+     * <code>IScannerInsertionPoint</code> object based on the details provided.
+     */
+    IScannerInsertionPoint makeScannerInsertionPoint(
+            String insertionPointName,
+            byte[] baseRequest,
+            int from,
+            int to);
+}