buby 1.3.3-java → 1.5.0-java

data/ext/burp_interfaces/burp/IIntruderPayloadGeneratorFactory.java

@@ -0,0 +1,40 @@
+package burp;
+
+/*
+ * @(#)IIntruderPayloadGeneratorFactory.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+/**
+ * Extensions can implement this interface and then call
+ * <code>IBurpExtenderCallbacks.registerIntruderPayloadGeneratorFactory()</code>
+ * to register a factory for custom Intruder payloads.
+ */
+public interface IIntruderPayloadGeneratorFactory
+{
+    /**
+     * This method is used by Burp to obtain the name of the payload generator.
+     * This will be displayed as an option within the Intruder UI when the user
+     * selects to use extension-generated payloads.
+     *
+     * @return The name of the payload generator.
+     */
+    String getGeneratorName();
+
+    /**
+     * This method is used by Burp when the user starts an Intruder attack that
+     * uses this payload generator.
+     *
+     * @param attack An
+     * <code>IIntruderAttack</code> object that can be queried to obtain details
+     * about the attack in which the payload generator will be used.
+     * @return A new instance of
+     * <code>IIntruderPayloadGenerator</code> that will be used to generate
+     * payloads for the attack.
+     */
+    IIntruderPayloadGenerator createNewInstance(IIntruderAttack attack);
+}

data/ext/burp_interfaces/burp/IIntruderPayloadProcessor.java

@@ -0,0 +1,45 @@
+package burp;
+
+/*
+ * @(#)IIntruderPayloadProcessor.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+/**
+ * Extensions can implement this interface and then call
+ * <code>IBurpExtenderCallbacks.registerIntruderPayloadProcessor()</code> to
+ * register a custom Intruder payload processor.
+ */
+public interface IIntruderPayloadProcessor
+{
+    /**
+     * This method is used by Burp to obtain the name of the payload processor.
+     * This will be displayed as an option within the Intruder UI when the user
+     * selects to use an extension-provided payload processor.
+     *
+     * @return The name of the payload processor.
+     */
+    String getProcessorName();
+
+    /**
+     * This method is invoked by Burp each time the processor should be applied
+     * to an Intruder payload.
+     *
+     * @param currentPayload The value of the payload to be processed.
+     * @param originalPayload The value of the original payload prior to
+     * processing by any already-applied processing rules.
+     * @param baseValue The base value of the payload position, which will be
+     * replaced with the current payload.
+     * @return The value of the processed payload. This may be
+     * <code>null</code> to indicate that the current payload should be skipped,
+     * and the attack will move directly to the next payload.
+     */
+    byte[] processPayload(
+            byte[] currentPayload,
+            byte[] originalPayload,
+            byte[] baseValue);
+}

data/{java/src → ext/burp_interfaces}/burp/IMenuItemHandler.java

@@ -1,40 +1,36 @@
-package burp;
-
-/*
- * @(#)IMenuItemHandler.java
- *
- * Copyright PortSwigger Ltd. All rights reserved.
- *
- * This code may be used to extend the functionality of Burp Suite and Burp
- * Suite Professional, provided that this usage does not violate the
- * license terms for those products.
- */
-
-/**
- * This interface is used by implementations of the <code>IBurpExtender</code>
- * interface to provide to Burp Suite a handler for one or more custom menu
- * items, which appear on the various context menus that are used throughout
- * Burp Suite to handle user-driven actions.
- *
- * Extensions which need to add custom menu items to Burp should provide an
- * implementation of this interface, and use the <code>registerMenuItem</code>
- * method of <code>IBurpExtenderCallbacks</code> to register each custom menu
- * item.
- */
-
-public interface IMenuItemHandler
-{
-    /**
-     * This method is invoked by Burp Suite when the user clicks on a custom
-     * menu item which the extension has registered with Burp.
-     *
-     * @param menuItemCaption The caption of the menu item which was clicked.
-     * This parameter enables extensions to provide a single implementation
-     * which handles multiple different menu items.
-     * @param messageInfo Details of the HTTP message(s) for which the context
-     * menu was displayed.
-     */
-    public void menuItemClicked(
-            String menuItemCaption,
-            IHttpRequestResponse[] messageInfo);
-}
+package burp;
+
+/*
+ * @(#)IMenuItemHandler.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+/**
+ * Extensions can implement this interface and then call
+ * <code>IBurpExtenderCallbacks.registerMenuItem()</code> to register a custom
+ * context menu item.
+ *
+ * @deprecated Use
+ * <code>IContextMenuFactory</code> instead.
+ */
+@Deprecated
+public interface IMenuItemHandler
+{
+    /**
+     * This method is invoked by Burp Suite when the user clicks on a custom
+     * menu item which the extension has registered with Burp.
+     *
+     * @param menuItemCaption The caption of the menu item which was clicked.
+     * This parameter enables extensions to provide a single implementation
+     * which handles multiple different menu items.
+     * @param messageInfo Details of the HTTP message(s) for which the context
+     * menu was displayed.
+     */
+    void menuItemClicked(
+            String menuItemCaption,
+            IHttpRequestResponse[] messageInfo);
+}

data/ext/burp_interfaces/burp/IMessageEditor.java

@@ -0,0 +1,64 @@
+package burp;
+
+/*
+ * @(#)IMessageEditor.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+import java.awt.Component;
+
+/**
+ * This interface is used to provide extensions with an instance of Burp's HTTP
+ * message editor, for the extension to use in its own UI. Extensions should
+ * call
+ * <code>IBurpExtenderCallbacks.createMessageEditor()</code> to obtain an
+ * instance of this interface.
+ */
+public interface IMessageEditor
+{
+    /**
+     * This method returns the UI component of the editor, for extensions to add
+     * to their own UI.
+     *
+     * @return The UI component of the editor.
+     */
+    Component getComponent();
+
+    /**
+     * This method is used to display an HTTP message in the editor.
+     *
+     * @param message The HTTP message to be displayed.
+     * @param isRequest Flags whether the message is an HTTP request or
+     * response.
+     */
+    void setMessage(byte[] message, boolean isRequest);
+
+    /**
+     * This method is used to retrieve the currently displayed message, which
+     * may have been modified by the user.
+     *
+     * @return The currently displayed HTTP message.
+     */
+    byte[] getMessage();
+
+    /**
+     * This method is used to determine whether the current message has been
+     * modified by the user.
+     *
+     * @return An indication of whether the current message has been modified by
+     * the user since it was first displayed.
+     */
+    boolean isMessageModified();
+
+    /**
+     * This method returns the data that is currently selected by the user.
+     *
+     * @return The data that is currently selected by the user, or
+     * <code>null</code> if no selection is made.
+     */
+    byte[] getSelectedData();
+}

data/ext/burp_interfaces/burp/IMessageEditorController.java

@@ -0,0 +1,49 @@
+package burp;
+
+/*
+ * @(#)IMessageEditorController.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+/**
+ * This interface is used by an
+ * <code>IMessageEditor</code> to obtain details about the currently displayed
+ * message. Extensions that create instances of Burp's HTTP message editor can
+ * optionally provide an implementation of
+ * <code>IMessageEditorController</code>, which the editor will invoke when it
+ * requires further information about the current message (for example, to send
+ * it to another Burp tool). Extensions that provide custom editor tabs via an
+ * <code>IMessageEditorTabFactory</code> will receive a reference to an
+ * <code>IMessageEditorController</code> object for each tab instance they
+ * generate, which the tab can invoke if it requires further information about
+ * the current message.
+ */
+public interface IMessageEditorController
+{
+    /**
+     * This method is used to retrieve the HTTP service for the current message.
+     *
+     * @return The HTTP service for the current message.
+     */
+    IHttpService getHttpService();
+
+    /**
+     * This method is used to retrieve the HTTP request associated with the
+     * current message (which may itself be a response).
+     *
+     * @return The HTTP request associated with the current message.
+     */
+    byte[] getRequest();
+
+    /**
+     * This method is used to retrieve the HTTP response associated with the
+     * current message (which may itself be a request).
+     *
+     * @return The HTTP response associated with the current message.
+     */
+    byte[] getResponse();
+}

data/ext/burp_interfaces/burp/IMessageEditorTab.java

@@ -0,0 +1,102 @@
+package burp;
+
+/*
+ * @(#)IMessageEditorTab.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+import java.awt.Component;
+
+/**
+ * Extensions that register an
+ * <code>IMessageEditorTabFactory</code> must return instances of this
+ * interface, which Burp will use to create custom tabs within its HTTP message
+ * editors.
+ */
+public interface IMessageEditorTab
+{
+    /**
+     * This method returns the caption that should appear on the custom tab when
+     * it is displayed. <b>Note:</b> Burp invokes this method once when the tab
+     * is first generated, and the same caption will be used every time the tab
+     * is displayed.
+     *
+     * @return The caption that should appear on the custom tab when it is
+     * displayed.
+     */
+    String getTabCaption();
+
+    /**
+     * This method returns the component that should be used as the contents of
+     * the custom tab when it is displayed. <b>Note:</b> Burp invokes this
+     * method once when the tab is first generated, and the same component will
+     * be used every time the tab is displayed.
+     *
+     * @return The component that should be used as the contents of the custom
+     * tab when it is displayed.
+     */
+    Component getUiComponent();
+
+    /**
+     * The hosting editor will invoke this method before it displays a new HTTP
+     * message, so that the custom tab can indicate whether it should be enabled
+     * for that message.
+     *
+     * @param content The message that is about to be displayed.
+     * @param isRequest Indicates whether the message is a request or a
+     * response.
+     * @return The method should return
+     * <code>true</code> if the custom tab is able to handle the specified
+     * message, and so will be displayed within the editor. Otherwise, the tab
+     * will be hidden while this message is displayed.
+     */
+    boolean isEnabled(byte[] content, boolean isRequest);
+
+    /**
+     * The hosting editor will invoke this method to display a new message or to
+     * clear the existing message. This method will only be called with a new
+     * message if the tab has already returned
+     * <code>true</code> to a call to
+     * <code>isEnabled()</code> with the same message details.
+     *
+     * @param content The message that is to be displayed, or
+     * <code>null</code> if the tab should clear its contents and disable any
+     * editable controls.
+     * @param isRequest Indicates whether the message is a request or a
+     * response.
+     */
+    void setMessage(byte[] content, boolean isRequest);
+
+    /**
+     * This method returns the currently displayed message.
+     *
+     * @return The currently displayed message.
+     */
+    byte[] getMessage();
+
+    /**
+     * This method is used to determine whether the currently displayed message
+     * has been modified by the user. The hosting editor will always call
+     * <code>getMessage()</code> before calling this method, so any pending
+     * edits should be completed within
+     * <code>getMessage()</code>.
+     *
+     * @return The method should return
+     * <code>true</code> if the user has modified the current message since it
+     * was first displayed.
+     */
+    boolean isModified();
+
+    /**
+     * This method is used to retrieve the data that is currently selected by
+     * the user.
+     *
+     * @return The data that is currently selected by the user. This may be
+     * <code>null</code> if no selection is currently made.
+     */
+    byte[] getSelectedData();
+}

data/ext/burp_interfaces/burp/IMessageEditorTabFactory.java

@@ -0,0 +1,38 @@
+package burp;
+
+/*
+ * @(#)IMessageEditorTabFactory.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+/**
+ * Extensions can implement this interface and then call
+ * <code>IBurpExtenderCallbacks.registerMessageEditorTabFactory()</code> to
+ * register a factory for custom message editor tabs. This allows extensions to
+ * provide custom rendering or editing of HTTP messages, within Burp's own HTTP
+ * editor.
+ */
+public interface IMessageEditorTabFactory
+{
+    /**
+     * Burp will call this method once for each HTTP message editor, and the
+     * factory should provide a new instance of an
+     * <code>IMessageEditorTab</code> object.
+     *
+     * @param controller An
+     * <code>IMessageEditorController</code> object, which the new tab can query
+     * to retrieve details about the currently displayed message. This may be
+     * <code>null</code> for extension-invoked message editors where the
+     * extension has not provided an editor controller.
+     * @param editable Indicates whether the hosting editor is editable or
+     * read-only.
+     * @return A new
+     * <code>IMessageEditorTab</code> object for use within the message editor.
+     */
+    IMessageEditorTab createNewInstance(IMessageEditorController controller,
+            boolean editable);
+}

data/ext/burp_interfaces/burp/IParameter.java

@@ -0,0 +1,104 @@
+package burp;
+
+/*
+ * @(#)IParameter.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+/**
+ * This interface is used to hold details about an HTTP request parameter.
+ */
+public interface IParameter
+{
+    /**
+     * Used to indicate a parameter within the URL query string.
+     */
+    static final byte PARAM_URL = 0;
+    /**
+     * Used to indicate a parameter within the message body.
+     */
+    static final byte PARAM_BODY = 1;
+    /**
+     * Used to indicate an HTTP cookie.
+     */
+    static final byte PARAM_COOKIE = 2;
+    /**
+     * Used to indicate an item of data within an XML structure.
+     */
+    static final byte PARAM_XML = 3;
+    /**
+     * Used to indicate the value of a tag attribute within an XML structure.
+     */
+    static final byte PARAM_XML_ATTR = 4;
+    /**
+     * Used to indicate the value of a parameter attribute within a multi-part
+     * message body (such as the name of an uploaded file).
+     */
+    static final byte PARAM_MULTIPART_ATTR = 5;
+    /**
+     * Used to indicate an item of data within a JSON structure.
+     */
+    static final byte PARAM_JSON = 6;
+
+    /**
+     * This method is used to retrieve the parameter type.
+     *
+     * @return The parameter type. The available types are defined within this
+     * interface.
+     */
+    byte getType();
+
+    /**
+     * This method is used to retrieve the parameter name.
+     *
+     * @return The parameter name.
+     */
+    String getName();
+
+    /**
+     * This method is used to retrieve the parameter value.
+     *
+     * @return The parameter value.
+     */
+    String getValue();
+
+    /**
+     * This method is used to retrieve the start offset of the parameter name
+     * within the HTTP request.
+     *
+     * @return The start offset of the parameter name within the HTTP request,
+     * or -1 if the parameter is not associated with a specific request.
+     */
+    int getNameStart();
+
+    /**
+     * This method is used to retrieve the end offset of the parameter name
+     * within the HTTP request.
+     *
+     * @return The end offset of the parameter name within the HTTP request, or
+     * -1 if the parameter is not associated with a specific request.
+     */
+    int getNameEnd();
+
+    /**
+     * This method is used to retrieve the start offset of the parameter value
+     * within the HTTP request.
+     *
+     * @return The start offset of the parameter value within the HTTP request,
+     * or -1 if the parameter is not associated with a specific request.
+     */
+    int getValueStart();
+
+    /**
+     * This method is used to retrieve the end offset of the parameter value
+     * within the HTTP request.
+     *
+     * @return The end offset of the parameter value within the HTTP request, or
+     * -1 if the parameter is not associated with a specific request.
+     */
+    int getValueEnd();
+}