I am trying to write an extension that, when the user makes a request, will send two requests: an unmodified request so that the browser will load normally, and one where a parameter is added at the end of the URL to test the website's response. I have been able to either make the website load but with the parameter not being added consistently (sometimes added correctly, sometimes not added at all, and sometimes added multiple times), or have the parameter added properly but the website will not load. This is the basics of what I have now (which is the inconsistent adding, but websites are loading):

    public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) {
        if (!messageIsRequest) {
            executor.submit(() -> modifyAndProcessHttpMessage(toolFlag, messageInfo, this));
        }
    }

    public static void modifyAndProcessHttpMessage(int toolFlag, IHttpRequestResponse messageInfo, BurpExtender burp) {
        // stringbuilder to create new request with size of the request plus a little for variable
        StringBuilder modifiedRequest = new StringBuilder(burp.helpers.bytesToString(messageInfo.getRequest()).length() + 32);
        // create copy of response
        IHttpRequestResponse newRequest = cloneIHttpRequestResponse(messageInfo);
        // split at new line
        String[] allLines = burp.helpers.bytesToString(newRequest.getRequest()).split("\\r?\\n");
        // split first line
        String[] firstLine = allLines[0].split(" ");
        // temp to hold first line
        StringBuilder tempFirst = new StringBuilder(allLines[0].length() + 16);
        // check the first char
        if (burp.helpers.bytesToString(newRequest.getRequest()).charAt(0) == 'G') {
            // check if there are variables in the path to determine concat
            if (firstLine[1].contains("?")) {
                firstLine[1] = firstLine[1].concat("&asdf=1234");
            } else {
                firstLine[1] = firstLine[1].concat("?asdf=1234");
            }
            // temp to hold first line
            StringBuilder temp = new StringBuilder(allLines[0].length() + 16);
            // recreate first line
            for (int i = 0; i < firstLine.length; i++) {
                temp.append(firstLine[i] + " ");
            }
            // set the first line in all lines to the first line
            allLines[0] = temp.toString();
            // recreate request
            for (int i = 0; i < allLines.length; i++) {
                modifiedRequest.append(allLines[i] + "\n");
            }
            // the final request in string form
            String finalRequestString = modifiedRequest.toString();
            // change from string to bytes and set request
            newRequest.setRequest(burp.helpers.stringToBytes(finalRequestString));
        } else if (burp.helpers.bytesToString(newRequest.getRequest()).charAt(0) == 'P') {
            // make sure it is post and not put
            if (burp.helpers.bytesToString(newRequest.getRequest()).charAt(1) == 'O') {
                // check if there are variables in the path to determine concat
                if (firstLine[1].contains("?")) {
                    firstLine[1] = firstLine[1].concat("&qwer=5678");
                } else {
                    firstLine[1] = firstLine[1].concat("?qwer=5678");
                }
                // recreate first line
                for (int i = 0; i < firstLine.length; i++) {
                    tempFirst.append(firstLine[i] + " ");
                }
                // set the first line in all lines to the first line
                allLines[0] = tempFirst.toString();
                // recreate request
                for (int i = 0; i < allLines.length; i++) {
                    modifiedRequest.append(allLines[i] + "\n");
                }
                // the final request in string form
                String finalRequestString = modifiedRequest.toString();
                // change from string to bytes and set request
                newRequest.setRequest(burp.helpers.stringToBytes(finalRequestString));
            } else {
                // don't need to do anything if it is not post or get
            }
        } else {
            // don't need to do anything if it is not post or get
        }
        // make request that will test the page
        IHttpRequestResponse modifiedRequestResponse = burp.callbacks.makeHttpRequest(newRequest.getHttpService(), newRequest.getRequest());
        if (modifiedRequestResponse.getResponse() == null) {
            modifiedRequestResponse.setResponse(new byte[0]);
        }
    }

There have been a lot of different versions of this and a lot of different tests tried, so this code might have some janky parts from previous attempts.
Any help and/or advice would be greatly appreciated! Thanks!
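
One way to send the extra probe, as an added example that is not the poster's code: it compiles against the legacy Burp Extender API (package `burp`), builds the probe with `helpers.addParameter` instead of splitting and rejoining the request text, and never modifies `messageInfo`. It assumes the repeated parameter comes from the listener also seeing the extension's own `makeHttpRequest` traffic, which it skips by checking for `TOOL_EXTENDER`; the extension name is a placeholder.

```java
package burp;

import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

public class BurpExtender implements IBurpExtender, IHttpListener {
    private IBurpExtenderCallbacks callbacks;
    private IExtensionHelpers helpers;
    // One worker keeps probes off Burp's own threads and in submission order.
    private final ExecutorService executor = Executors.newSingleThreadExecutor();

    @Override
    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
        this.callbacks = callbacks;
        this.helpers = callbacks.getHelpers();
        callbacks.setExtensionName("Marker parameter probe"); // placeholder name
        callbacks.registerHttpListener(this);
    }

    @Override
    public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) {
        // Assumption: the probe sent below comes back through this listener
        // tagged TOOL_EXTENDER; skipping it prevents probing our own probes.
        if (messageIsRequest || toolFlag == IBurpExtenderCallbacks.TOOL_EXTENDER) {
            return;
        }
        // Copy what the worker needs now. messageInfo itself is never changed,
        // so the browser's request and response pass through untouched.
        final IHttpService service = messageInfo.getHttpService();
        final byte[] original = messageInfo.getRequest().clone();
        executor.submit(() -> sendProbe(service, original));
    }

    private void sendProbe(IHttpService service, byte[] original) {
        String method = helpers.analyzeRequest(service, original).getMethod();
        IParameter marker;
        if ("GET".equals(method)) {
            marker = helpers.buildParameter("asdf", "1234", IParameter.PARAM_URL);
        } else if ("POST".equals(method)) {
            marker = helpers.buildParameter("qwer", "5678", IParameter.PARAM_URL);
        } else {
            return; // other methods (PUT, HEAD, ...) are not probed
        }
        // addParameter inserts the marker into the query string, so the
        // request is not rebuilt line by line from a split string.
        byte[] probe = helpers.addParameter(original, marker);
        IHttpRequestResponse result = callbacks.makeHttpRequest(service, probe);
        byte[] response = result.getResponse(); // null when no response arrived
        callbacks.printOutput(method + " probe: " + (response == null ? "no response" : response.length + " bytes"));
    }
}
```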