Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Nested message editors

Veres-Szentkirályi | Last updated: Dec 07, 2017 12:30PM UTC

Are there any artificial limitations regarding message editor nesting? By registering a message editor factory that creates instances of the class with the source code below, I expect it to act as as "proxy" and the resulting UI should be the same as with the original editor. This works fine if I just create it as a child of an ITab for example. However if I do this like below, invoking createMessageEditor and passing the component as the result of the IMessageEditorTab.getUiComponent() method, tabs provided by extension-defined IMessageEditorTab instances do not appear in the window. So for example, in the Proxy window, the tabs look like this: ([foo] means tab "foo" is selected) Request / [Response] Raw / Headers / Hex / ExtensionTab1 / ExtensionTab2 / [Identity] Raw / Headers / Hex So neither "Identity" nor ExtensionTab1-2 appear in the nested message editor, even though the HTTP message (request or response) and the controller instance is passed as-is, thus the behavior should be the same. So my question is again this: are there any artificial limitations regarding message editor nesting -- or am I just overlooking something? Thanks! Source code for IdentityEditor: package burp; import java.awt.Component; public class IdentityEditor implements IMessageEditorTab { byte[] content; private final IMessageEditor editor; IdentityEditor(IMessageEditorController controller, IBurpExtenderCallbacks callbacks) { editor = callbacks.createMessageEditor(controller, false); } public boolean isEnabled(byte[] content, boolean isRequest) { return true; } public void setMessage(byte[] content, boolean isRequest) { this.content = content; editor.setMessage(content, isRequest); } public String getTabCaption() { return "Identity"; } public Component getUiComponent() { return editor.getComponent(); } public byte[] getMessage() { return content; } public boolean isModified() { return false; } public byte[] getSelectedData() { return null; } }

PortSwigger Agent | Last updated: Dec 08, 2017 12:09PM UTC

Hi dnet, Thanks for your message. I can't reproduce the behavior your describe. For me, it caused infinite recursion on createMessageEditor. The behavior you describe sounds preferable to an infinite loop. Did you put anything in your tab factory to avoid a loop? What's your use case for this? There may be an alternative solution.

Burp User | Last updated: Dec 11, 2017 12:18PM UTC

My use case is decoupling my message editors to composable standalone editors, so that it can make use of other message editors. For example, the "outer" editor could be something that recognizes a fully base64-encoded body, and any "inner" editor could read/write the contents. For example if a JSON message is base64-encoded, there wouldn't be a need for the JSON message editor to handle base64-encoding.

PortSwigger Agent | Last updated: Dec 11, 2017 12:19PM UTC

Hi dnet, I did some experimentation and Burp definitely supports nested message editors. Here's some code that does base64 decoding: - https://gist.github.com/pajswigger/a015edf71465d8d1e919611b329ee194 I did find during development that subtle bugs in the extension could stop the tabs appearing. If, for example isEnabled throws an exception, the tab won't appear - and Burp swallows the exception.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.