Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

XML tab "Reparse" Programmatically

Bort_Millipede Nov 24, 2019 08:09PM UTC

Hi,

I would like to know how the "Reparse" button in the request/response "XML" tab reformats XML documents programmatically via Java. Specifically, I am wondering what library(s) are used for this. I am asking for the purpose of incorporating it into current and future Burp Extensions that handle XML documents. While manually reparsing documents in the XML tab is acceptable in many cases, there are other cases where performing the reparsing programmatically would be preferred. In the past I have made use of the Python xml.minidom library for this purpose, but this library has produced mixed results and would only apply to Python extensions anyway.

Thank you for any replies!


Hannah Law Nov 25, 2019 03:19PM UTC Support Center agent

Hi Bort, Would you be able to clarify where this functionality is located (Is it from an extension)? We have requested an XML response in the repeater but we can’t see any options to reparse the content.

Also, what version of Burp Suite are you running?


Bort_Millipede Nov 26, 2019 06:17PM UTC
Hi Hannah,

The functionality I am referring to part of Burp Suite's built-in functionality, and not part of a third-party extension. The functionality is located in the "XML" tab that appears for requests and responses that contain XML content in the message body. This is available for requests in all tools, and for intercepted responses in the Proxy tool. In the lower-right corner of this tab, there is a "Reparse" button that can be pressed to beautify (create separate lines and proper indentation) XML content.

I am currently using Burp Suite Community Edition v2.1.04, but the "Reparse" button has been available in Burp Suite for quite a while now. I have included some screenshots to show you exactly what I am referring to.

1. Raw POST request containing non-beautified XML content, with XML tab available: https://ibb.co/NjbvHJD
2. XML tab containing beautified XML content, and "Reparse" button visible in lower-right corner: https://ibb.co/MpkHd5Q
3. Raw POST request containing beatified XML content after "Reparse" button in XML tab was pressed: https://ibb.co/yYstfnf

I am specifically asking what the "Reparse" button is leveraging programmatically in Java. I would like to incorporate this into existing and future Burp Extensions that process messages containing XML content.

Hannah Law Nov 28, 2019 12:01PM UTC Support Center agent

Hi Bort,

Thank you for the additional information to help locate the functionality you are referring too.

I have just had a look into the Burp Suite source code, and it appears that we have written our own XML parser instead of using a third-party library or native Java functionality. Unfortunately, this means that we are unable to share this information with you, as Burp is closed source.

We would recommend you research how to format XML using native Java functionality and apply that to your extension if it is required.

Please let us know if you need any further assistance.


Bort_Millipede Nov 30, 2019 03:01AM UTC
Hi Hannah,

Thank you for getting back to me. I understand that the Burp Suite source code cannot be shared. I will submit a feature request to see if maybe certain functionality from the proprietary XML parser could be made available through the Burp Extender API.

Post Your public answer

Your name
Your email address
Answer