buby 1.3.3-java → 1.5.0-java

data/ext/burp_interfaces/burp/IExtensionStateListener.java

@@ -0,0 +1,27 @@
+package burp;
+
+/*
+ * @(#)IExtensionStateListener.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+/**
+ * Extensions can implement this interface and then call
+ * <code>IBurpExtenderCallbacks.registerExtensionStateListener()</code> to
+ * register an extension state listener. The listener will be notified of
+ * changes to the extension's state. <b>Note:</b> Any extensions that start
+ * background threads or open system resources (such as files or database
+ * connections) should register a listener and terminate threads / close
+ * resources when the extension is unloaded.
+ */
+public interface IExtensionStateListener
+{
+    /**
+     * This method is called when the extension is unloaded.
+     */
+    void extensionUnloaded();
+}

data/ext/burp_interfaces/burp/IHttpListener.java

@@ -0,0 +1,37 @@
+package burp;
+
+/*
+ * @(#)IHttpListener.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+/**
+ * Extensions can implement this interface and then call
+ * <code>IBurpExtenderCallbacks.registerHttpListener()</code> to register an
+ * HTTP listener. The listener will be notified of requests and responses made
+ * by any Burp tool. Extensions can perform custom analysis or modification of
+ * these messages by registering an HTTP listener.
+ */
+public interface IHttpListener
+{
+    /**
+     * This method is invoked when an HTTP request is about to be issued, and
+     * when an HTTP response has been received.
+     *
+     * @param toolFlag A flag indicating the Burp tool that issued the request.
+     * Burp tool flags are defined in the
+     * <code>IBurpExtenderCallbacks</code> interface.
+     * @param messageIsRequest Flags whether the method is being invoked for a
+     * request or response.
+     * @param messageInfo Details of the request / response to be processed.
+     * Extensions can call the setter methods on this object to update the
+     * current message and so modify Burp's behavior.
+     */
+    void processHttpMessage(int toolFlag,
+            boolean messageIsRequest,
+            IHttpRequestResponse messageInfo);
+}

data/ext/burp_interfaces/burp/IHttpRequestResponse.java

@@ -0,0 +1,102 @@
+package burp;
+
+/*
+ * @(#)IHttpRequestResponse.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+/**
+ * This interface is used to retrieve and update details about HTTP messages.
+ *
+ * <b>Note:</b> The setter methods generally can only be used before the message
+ * has been processed, and not in read-only contexts. The getter methods
+ * relating to response details can only be used after the request has been
+ * issued.
+ */
+public interface IHttpRequestResponse
+{
+    /**
+     * This method is used to retrieve the request message.
+     *
+     * @return The request message.
+     */
+    byte[] getRequest();
+
+    /**
+     * This method is used to update the request message.
+     *
+     * @param message The new request message.
+     */
+    void setRequest(byte[] message);
+
+    /**
+     * This method is used to retrieve the response message.
+     *
+     * @return The response message.
+     */
+    byte[] getResponse();
+
+    /**
+     * This method is used to update the response message.
+     *
+     * @param message The new response message.
+     */
+    void setResponse(byte[] message);
+
+    /**
+     * This method is used to retrieve the user-annotated comment for this item,
+     * if applicable.
+     *
+     * @return The user-annotated comment for this item, or null if none is set.
+     */
+    String getComment();
+
+    /**
+     * This method is used to update the user-annotated comment for this item.
+     *
+     * @param comment The comment to be assigned to this item.
+     */
+    void setComment(String comment);
+
+    /**
+     * This method is used to retrieve the user-annotated highlight for this
+     * item, if applicable.
+     *
+     * @return The user-annotated highlight for this item, or null if none is
+     * set.
+     */
+    String getHighlight();
+
+    /**
+     * This method is used to update the user-annotated highlight for this item.
+     *
+     * @param color The highlight color to be assigned to this item. Accepted
+     * values are: red, orange, yellow, green, cyan, blue, pink, magenta, gray,
+     * or a null String to clear any existing highlight.
+     */
+    void setHighlight(String color);
+
+    /**
+     * This method is used to retrieve the HTTP service for this request /
+     * response.
+     *
+     * @return An
+     * <code>IHttpService</code> object containing details of the HTTP service.
+     */
+    IHttpService getHttpService();
+
+    /**
+     * This method is used to update the HTTP service for this request /
+     * response.
+     *
+     * @param httpService An
+     * <code>IHttpService</code> object containing details of the new HTTP
+     * service.
+     */
+    void setHttpService(IHttpService httpService);
+
+}

data/ext/burp_interfaces/burp/IHttpRequestResponsePersisted.java

@@ -0,0 +1,26 @@
+package burp;
+
+/*
+ * @(#)IHttpRequestResponsePersisted.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+/**
+ * This interface is used for an
+ * <code>IHttpRequestResponse</code> object whose request and response messages
+ * have been saved to temporary files using
+ * <code>IBurpExtenderCallbacks.saveBuffersToTempFiles()</code>.
+ */
+public interface IHttpRequestResponsePersisted extends IHttpRequestResponse
+{
+    /**
+     * This method is used to permanently delete the saved temporary files. It
+     * will no longer be possible to retrieve the request or response for this
+     * item.
+     */
+    void deleteTempFiles();
+}

data/ext/burp_interfaces/burp/IHttpRequestResponseWithMarkers.java

@@ -0,0 +1,44 @@
+package burp;
+
+/*
+ * @(#)IHttpRequestResponseWithMarkers.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+import java.util.List;
+
+/**
+ * This interface is used for an
+ * <code>IHttpRequestResponse</code> object that has had markers applied.
+ * Extensions can create instances of this interface using
+ * <code>IBurpExtenderCallbacks.applyMarkers()</code>, or provide their own
+ * implementation. Markers are used in various situations, such as specifying
+ * Intruder payload positions, Scanner insertion points, and highlights in
+ * Scanner issues.
+ */
+public interface IHttpRequestResponseWithMarkers extends IHttpRequestResponse
+{
+    /**
+     * This method returns the details of the request markers.
+     *
+     * @return A list of index pairs representing the offsets of markers for the
+     * request message. Each item in the list is an int[2] array containing the
+     * start and end offsets for the marker. The method may return
+     * <code>null</code> if no request markers are defined.
+     */
+    List<int[]> getRequestMarkers();
+
+    /**
+     * This method returns the details of the response markers.
+     *
+     * @return A list of index pairs representing the offsets of markers for the
+     * response message. Each item in the list is an int[2] array containing the
+     * start and end offsets for the marker. The method may return
+     * <code>null</code> if no response markers are defined.
+     */
+    List<int[]> getResponseMarkers();
+}

data/ext/burp_interfaces/burp/IHttpService.java

@@ -0,0 +1,39 @@
+package burp;
+
+/*
+ * @(#)IHttpService.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+/**
+ * This interface is used to provide details about an HTTP service, to which
+ * HTTP requests can be sent.
+ */
+public interface IHttpService
+{
+    /**
+     * This method returns the hostname or IP address for the service.
+     *
+     * @return The hostname or IP address for the service.
+     */
+    String getHost();
+
+    /**
+     * This method returns the port number for the service.
+     *
+     * @return The port number for the service.
+     */
+    int getPort();
+
+    /**
+     * This method returns the protocol for the service.
+     *
+     * @return The protocol for the service. Expected values are "http" or
+     * "https".
+     */
+    String getProtocol();
+}

data/ext/burp_interfaces/burp/IInterceptedProxyMessage.java

@@ -0,0 +1,116 @@
+package burp;
+
+/*
+ * @(#)IInterceptedProxyMessage.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+import java.net.InetAddress;
+
+/**
+ * This interface is used to represent an HTTP message that has been intercepted
+ * by Burp Proxy. Extensions can register an
+ * <code>IProxyListener</code> to receive details of proxy messages using this
+ * interface. *
+ */
+public interface IInterceptedProxyMessage
+{
+    /**
+     * This action causes Burp Proxy to follow the current interception rules to
+     * determine the appropriate action to take for the message.
+     */
+    static final int ACTION_FOLLOW_RULES = 0;
+    /**
+     * This action causes Burp Proxy to present the message to the user for
+     * manual review or modification.
+     */
+    static final int ACTION_DO_INTERCEPT = 1;
+    /**
+     * This action causes Burp Proxy to forward the message to the remote server
+     * or client, without presenting it to the user.
+     */
+    static final int ACTION_DONT_INTERCEPT = 2;
+    /**
+     * This action causes Burp Proxy to drop the message.
+     */
+    static final int ACTION_DROP = 3;
+    /**
+     * This action causes Burp Proxy to follow the current interception rules to
+     * determine the appropriate action to take for the message, and then make a
+     * second call to processProxyMessage.
+     */
+    static final int ACTION_FOLLOW_RULES_AND_REHOOK = 0x10;
+    /**
+     * This action causes Burp Proxy to present the message to the user for
+     * manual review or modification, and then make a second call to
+     * processProxyMessage.
+     */
+    static final int ACTION_DO_INTERCEPT_AND_REHOOK = 0x11;
+    /**
+     * This action causes Burp Proxy to skip user interception, and then make a
+     * second call to processProxyMessage.
+     */
+    static final int ACTION_DONT_INTERCEPT_AND_REHOOK = 0x12;
+
+    /**
+     * This method retrieves a unique reference number for this
+     * request/response.
+     *
+     * @return An identifier that is unique to a single request/response pair.
+     * Extensions can use this to correlate details of requests and responses
+     * and perform processing on the response message accordingly.
+     */
+    int getMessageReference();
+
+    /**
+     * This method retrieves details of the intercepted message.
+     *
+     * @return An <code>IHttpRequestResponse</code> object containing details of
+     * the intercepted message.
+     */
+    IHttpRequestResponse getMessageInfo();
+
+    /**
+     * This method retrieves the currently defined interception action. The
+     * default action is
+     * <code>ACTION_FOLLOW_RULES</code>. If multiple proxy listeners are
+     * registered, then other listeners may already have modified the
+     * interception action before it reaches the current listener. This method
+     * can be used to determine whether this has occurred.
+     *
+     * @return The currently defined interception action. Possible values are
+     * defined within this interface.
+     */
+    int getInterceptAction();
+
+    /**
+     * This method is used to update the interception action.
+     *
+     * @param interceptAction The new interception action. Possible values are
+     * defined within this interface.
+     */
+    void setInterceptAction(int interceptAction);
+
+    /**
+     * This method retrieves the name of the Burp Proxy listener that is
+     * processing the intercepted message.
+     *
+     * @return The name of the Burp Proxy listener that is processing the
+     * intercepted message. The format is the same as that shown in the Proxy
+     * Listeners UI - for example, "127.0.0.1:8080".
+     */
+    String getListenerInterface();
+
+    /**
+     * This method retrieves the client IP address from which the request for
+     * the intercepted message was received.
+     *
+     * @return The client IP address from which the request for the intercepted
+     * message was received.
+     */
+    InetAddress getClientIpAddress();
+}

data/ext/burp_interfaces/burp/IIntruderAttack.java

@@ -0,0 +1,31 @@
+package burp;
+
+/*
+ * @(#)IIntruderAttack.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+/**
+ * This interface is used to hold details about an Intruder attack.
+ */
+public interface IIntruderAttack 
+{
+    /**
+     * This method is used to retrieve the HTTP service for the attack.
+     * 
+     * @return The HTTP service for the attack.
+     */
+    IHttpService getHttpService();
+    
+    /**
+     * This method is used to retrieve the request template for the attack.
+     * 
+     * @return The request template for the attack.
+     */
+    byte[] getRequestTemplate();
+    
+}

data/ext/burp_interfaces/burp/IIntruderPayloadGenerator.java

@@ -0,0 +1,50 @@
+package burp;
+
+/*
+ * @(#)IIntruderPayloadGenerator.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+/**
+ * This interface is used for custom Intruder payload generators. Extensions
+ * that have registered an
+ * <code>IIntruderPayloadGeneratorFactory</code> must return a new instance of
+ * this interface when required as part of a new Intruder attack.
+ */
+public interface IIntruderPayloadGenerator
+{
+    /**
+     * This method is used by Burp to determine whether the payload generator is
+     * able to provide any further payloads.
+     *
+     * @return Extensions should return
+     * <code>false</code> when all the available payloads have been used up,
+     * otherwise
+     * <code>true</code>.
+     */
+    boolean hasMorePayloads();
+
+    /**
+     * This method is used by Burp to obtain the value of the next payload.
+     *
+     * @param baseValue The base value of the current payload position. This
+     * value may be
+     * <code>null</code> if the concept of a base value is not applicable (e.g.
+     * in a battering ram attack).
+     * @return The next payload to use in the attack.
+     */
+    byte[] getNextPayload(byte[] baseValue);
+
+    /**
+     * This method is used by Burp to reset the state of the payload generator
+     * so that the next call to
+     * <code>getNextPayload()</code> returns the first payload again. This
+     * method will be invoked when an attack uses the same payload generator for
+     * more than one payload position, for example in a sniper attack.
+     */
+    void reset();
+}