buby 1.3.3-java → 1.5.0-java

data/ext/burp_interfaces/burp/IScannerInsertionPoint.java

@@ -0,0 +1,156 @@
+package burp;
+
+/*
+ * @(#)IScannerInsertionPoint.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+/**
+ * This interface is used to define an insertion point for use by active Scanner
+ * checks. Extensions can obtain instances of this interface by registering an
+ * <code>IScannerCheck</code>, or can create instances for use by Burp's own
+ * scan checks by registering an
+ * <code>IScannerInsertionPointProvider</code>.
+ */
+public interface IScannerInsertionPoint
+{
+    /**
+     * Used to indicate where the payload is inserted into the value of a URL
+     * parameter.
+     */
+    static final byte INS_PARAM_URL = 0x00;
+    /**
+     * Used to indicate where the payload is inserted into the value of a body
+     * parameter.
+     */
+    static final byte INS_PARAM_BODY = 0x01;
+    /**
+     * Used to indicate where the payload is inserted into the value of an HTTP
+     * cookie.
+     */
+    static final byte INS_PARAM_COOKIE = 0x02;
+    /**
+     * Used to indicate where the payload is inserted into the value of an item
+     * of data within an XML data structure.
+     */
+    static final byte INS_PARAM_XML = 0x03;
+    /**
+     * Used to indicate where the payload is inserted into the value of a tag
+     * attribute within an XML structure.
+     */
+    static final byte INS_PARAM_XML_ATTR = 0x04;
+    /**
+     * Used to indicate where the payload is inserted into the value of a
+     * parameter attribute within a multi-part message body (such as the name of
+     * an uploaded file).
+     */
+    static final byte INS_PARAM_MULTIPART_ATTR = 0x05;
+    /**
+     * Used to indicate where the payload is inserted into the value of an item
+     * of data within a JSON structure.
+     */
+    static final byte INS_PARAM_JSON = 0x06;
+    /**
+     * Used to indicate where the payload is inserted into the value of an AMF
+     * parameter.
+     */
+    static final byte INS_PARAM_AMF = 0x07;
+    /**
+     * Used to indicate where the payload is inserted into the value of an HTTP
+     * request header.
+     */
+    static final byte INS_HEADER = 0x20;
+    /**
+     * Used to indicate where the payload is inserted into a REST parameter
+     * within the URL file path.
+     */
+    static final byte INS_URL_REST = 0x21;
+    /**
+     * Used to indicate where the payload is inserted into the name of an added
+     * URL parameter.
+     */
+    static final byte INS_PARAM_NAME_URL = 0x22;
+    /**
+     * Used to indicate where the payload is inserted into the name of an added
+     * body parameter.
+     */
+    static final byte INS_PARAM_NAME_BODY = 0x23;
+    /**
+     * Used to indicate where the payload is inserted at a location manually
+     * configured by the user.
+     */
+    static final byte INS_USER_PROVIDED = 0x40;
+    /**
+     * Used to indicate where the insertion point is provided by an
+     * extension-registered
+     * <code>IScannerInsertionPointProvider</code>.
+     */
+    static final byte INS_EXTENSION_PROVIDED = 0x41;
+    /**
+     * Used to indicate where the payload is inserted at an unknown location
+     * within the request.
+     */
+    static final byte INS_UNKNOWN = 0x7f;
+
+    /**
+     * This method returns the name of the insertion point.
+     *
+     * @return The name of the insertion point (for example, a description of a
+     * particular request parameter).
+     */
+    String getInsertionPointName();
+
+    /**
+     * This method returns the base value for this insertion point.
+     *
+     * @return the base value that appears in this insertion point in the base
+     * request being scanned, or
+     * <code>null</code> if there is no value in the base request that
+     * corresponds to this insertion point.
+     */
+    String getBaseValue();
+
+    /**
+     * This method is used to build a request with the specified payload placed
+     * into the insertion point. Any necessary adjustments to the Content-Length
+     * header will be made by the Scanner itself when the request is issued, and
+     * there is no requirement for the insertion point to do this. <b>Note:</b>
+     * Burp's built-in scan checks do not apply any payload encoding (such as
+     * URL-encoding) when dealing with an extension-provided insertion point.
+     * Custom insertion points are responsible for performing any data encoding
+     * that is necessary given the nature and location of the insertion point.
+     *
+     * @param payload The payload that should be placed into the insertion
+     * point.
+     * @return The resulting request.
+     */
+    byte[] buildRequest(byte[] payload);
+
+    /**
+     * This method is used to determine the offsets of the payload value within
+     * the request, when it is placed into the insertion point. Scan checks may
+     * invoke this method when reporting issues, so as to highlight the relevant
+     * part of the request within the UI.
+     *
+     * @param payload The payload that should be placed into the insertion
+     * point.
+     * @return An int[2] array containing the start and end offsets of the
+     * payload within the request, or null if this is not applicable (for
+     * example, where the insertion point places a payload into a serialized
+     * data structure, the raw payload may not literally appear anywhere within
+     * the resulting request).
+     */
+    int[] getPayloadOffsets(byte[] payload);
+
+    /**
+     * This method returns the type of the insertion point.
+     *
+     * @return The type of the insertion point. Available types are defined in
+     * this interface.
+     */
+    byte getInsertionPointType();
+}

data/ext/burp_interfaces/burp/IScannerInsertionPointProvider.java

@@ -0,0 +1,38 @@
+package burp;
+
+/*
+ * @(#)IScannerInsertionPointProvider.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+import java.util.List;
+
+/**
+ * Extensions can implement this interface and then call
+ * <code>IBurpExtenderCallbacks.registerScannerInsertionPointProvider()</code>
+ * to register a factory for custom Scanner insertion points.
+ */
+public interface IScannerInsertionPointProvider
+{
+    /**
+     * When a request is actively scanned, the Scanner will invoke this method,
+     * and the provider should provide a list of custom insertion points that
+     * will be used in the scan. <b>Note:</b> these insertion points are used in
+     * addition to those that are derived from Burp Scanner's configuration, and
+     * those provided by any other Burp extensions.
+     *
+     * @param baseRequestResponse The base request that will be actively
+     * scanned.
+     * @return A list of
+     * <code>IScannerInsertionPoint</code> objects that should be used in the
+     * scanning, or
+     * <code>null</code> if no custom insertion points are applicable for this
+     * request.
+     */
+    List<IScannerInsertionPoint> getInsertionPoints(
+            IHttpRequestResponse baseRequestResponse);
+}

data/ext/burp_interfaces/burp/IScannerListener.java

@@ -0,0 +1,30 @@
+package burp;
+
+/*
+ * @(#)IScannerListener.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+/**
+ * Extensions can implement this interface and then call
+ * <code>IBurpExtenderCallbacks.registerScannerListener()</code> to register a
+ * Scanner listener. The listener will be notified of new issues that are
+ * reported by the Scanner tool. Extensions can perform custom analysis or
+ * logging of Scanner issues by registering a Scanner listener.
+ */
+public interface IScannerListener
+{
+    /**
+     * This method is invoked when a new issue is added to Burp Scanner's
+     * results.
+     *
+     * @param issue An
+     * <code>IScanIssue</code> object that the extension can query to obtain
+     * details about the new issue.
+     */
+    void newScanIssue(IScanIssue issue);
+}

data/ext/burp_interfaces/burp/IScopeChangeListener.java

@@ -0,0 +1,25 @@
+package burp;
+
+/*
+ * @(#)IScopeChangeListener.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+/**
+ * Extensions can implement this interface and then call
+ * <code>IBurpExtenderCallbacks.registerScopeChangeListener()</code> to register
+ * a scope change listener. The listener will be notified whenever a change
+ * occurs to Burp's suite-wide target scope.
+ */
+public interface IScopeChangeListener
+{
+    /**
+     * This method is invoked whenever a change occurs to Burp's suite-wide
+     * target scope.
+     */
+    void scopeChanged();
+}

data/ext/burp_interfaces/burp/ISessionHandlingAction.java

@@ -0,0 +1,51 @@
+package burp;
+
+/*
+ * @(#)ISessionHandlingAction.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+/**
+ * Extensions can implement this interface and then call
+ * <code>IBurpExtenderCallbacks.registerSessionHandlingAction()</code> to
+ * register a custom session handling action. Each registered action will be
+ * available within the session handling rule UI for the user to select as a
+ * rule action. Users can choose to invoke an action directly in its own right,
+ * or following execution of a macro.
+ */
+public interface ISessionHandlingAction
+{
+    /**
+     * This method is used by Burp to obtain the name of the session handling
+     * action. This will be displayed as an option within the session handling
+     * rule editor when the user selects to execute an extension-provided
+     * action.
+     *
+     * @return The name of the action.
+     */
+    String getActionName();
+
+    /**
+     * This method is invoked when the session handling action should be
+     * executed. This may happen as an action in its own right, or as a
+     * sub-action following execution of a macro.
+     *
+     * @param currentRequest The base request that is currently being processed.
+     * The action can query this object to obtain details about the base
+     * request. It can issue additional requests of its own if necessary, and
+     * can use the setter methods on this object to update the base request.
+     * @param macroItems If the action is invoked following execution of a
+     * macro, this parameter contains the result of executing the macro.
+     * Otherwise, it is
+     * <code>null</code>. Actions can use the details of the macro items to
+     * perform custom analysis of the macro to derive values of non-standard
+     * session handling tokens, etc.
+     */
+    void performAction(
+            IHttpRequestResponse currentRequest,
+            IHttpRequestResponse[] macroItems);
+}

data/ext/burp_interfaces/burp/ITab.java

@@ -0,0 +1,38 @@
+package burp;
+
+/*
+ * @(#)ITab.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+import java.awt.Component;
+
+/**
+ * This interface is used to provide Burp with details of a custom tab that will
+ * be added to Burp's UI, using a method such as
+ * <code>IBurpExtenderCallbacks.addSuiteTab()</code>.
+ */
+public interface ITab
+{
+    /**
+     * Burp uses this method to obtain the caption that should appear on the
+     * custom tab when it is displayed.
+     *
+     * @return The caption that should appear on the custom tab when it is
+     * displayed.
+     */
+    String getTabCaption();
+
+    /**
+     * Burp uses this method to obtain the component that should be used as the
+     * contents of the custom tab when it is displayed.
+     *
+     * @return The component that should be used as the contents of the custom
+     * tab when it is displayed.
+     */
+    Component getUiComponent();
+}

data/ext/burp_interfaces/burp/ITempFile.java

@@ -0,0 +1,33 @@
+package burp;
+
+/*
+ * @(#)ITempFile.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+/**
+ * This interface is used to hold details of a temporary file that has been
+ * created via a call to
+ * <code>IBurpExtenderCallbacks.saveToTempFile()</code>.
+ *
+ */
+public interface ITempFile
+{
+    /**
+     * This method is used to retrieve the contents of the buffer that was saved
+     * in the temporary file.
+     *
+     * @return The contents of the buffer that was saved in the temporary file.
+     */
+    byte[] getBuffer();
+
+    /**
+     * This method is used to permanently delete the temporary file when it is
+     * no longer required.
+     */
+    void delete();
+}

data/ext/burp_interfaces/burp/ITextEditor.java

@@ -0,0 +1,90 @@
+package burp;
+
+/*
+ * @(#)ITextEditor.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+import java.awt.Component;
+
+/**
+ * This interface is used to provide extensions with an instance of Burp's raw
+ * text editor, for the extension to use in its own UI. Extensions should call
+ * <code>IBurpExtenderCallbacks.createTextEditor()</code> to obtain an instance
+ * of this interface.
+ */
+public interface ITextEditor
+{
+    /**
+     * This method returns the UI component of the editor, for extensions to add
+     * to their own UI.
+     *
+     * @return The UI component of the editor.
+     */
+    Component getComponent();
+
+    /**
+     * This method is used to control whether the editor is currently editable.
+     * This status can be toggled on and off as required.
+     *
+     * @param editable Indicates whether the editor should be currently
+     * editable.
+     */
+    void setEditable(boolean editable);
+
+    /**
+     * This method is used to update the currently displayed text in the editor.
+     *
+     * @param text The text to be displayed.
+     */
+    void setText(byte[] text);
+
+    /**
+     * This method is used to retrieve the currently displayed text.
+     *
+     * @return The currently displayed text.
+     */
+    byte[] getText();
+
+    /**
+     * This method is used to determine whether the user has modified the
+     * contents of the editor.
+     *
+     * @return An indication of whether the user has modified the contents of
+     * the editor since the last call to
+     * <code>setText()</code>.
+     */
+    boolean isTextModified();
+
+    /**
+     * This method is used to obtain the currently selected text.
+     *
+     * @return The currently selected text, or
+     * <code>null</code> if the user has not made any selection.
+     */
+    byte[] getSelectedText();
+
+    /**
+     * This method can be used to retrieve the bounds of the user's selection
+     * into the displayed text, if applicable.
+     *
+     * @return An int[2] array containing the start and end offsets of the
+     * user's selection within the displayed text. If the user has not made any
+     * selection in the current message, both offsets indicate the position of
+     * the caret within the editor.
+     */
+    int[] getSelectionBounds();
+
+    /**
+     * This method is used to update the search expression that is shown in the
+     * search bar below the editor. The editor will automatically highlight any
+     * regions of the displayed text that match the search expression.
+     *
+     * @param expression The search expression.
+     */
+    void setSearchExpression(String expression);
+}