Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

modifications visible in the proxy

Gabriel | Last updated: Jan 23, 2017 04:01PM UTC

Hello, I would like to implement a simmilar extension like this example: https://github.com/monikamorrow/Burp-Suite-Extension-Examples/blob/master/Example1FindReplace/BurpExtender/src/burp/BurpExtender.java However, I would like to see the modifications of the request in the interception proxy window before it is sent to the server. Hence, I would like to catch the request, modify it, see it in burp and send it. How this should be implemented in an extension? Thanks.

PortSwigger Agent | Last updated: Jan 23, 2017 04:15PM UTC

If you use an IProxyListener, you will be passed an IInterceptedProxyMessage object for each message passing through the Proxy. You can then set the interception action, e.g. to ACTION_DO_INTERCEPT: https://portswigger.net/burp/extender/api/burp/IInterceptedProxyMessage.html#ACTION_DO_INTERCEPT This will make Burp display the message in the Intercept tab.

Burp User | Last updated: Jan 24, 2017 12:29PM UTC

This is a part of the code: @Override public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) { if (toolFlag == IBurpExtenderCallbacks.TOOL_PROXY) { if (messageIsRequest) { IRequestInfo reqInfo = this.callbacks.getHelpers().analyzeRequest(messageInfo); if(reqInfo.getMethod().equalsIgnoreCase("POST")){ messageInfo = FunctionFindReplace(messageInfo); } } } } private IHttpRequestResponse FunctionFindReplace(IHttpRequestResponse messageInfo) { String message = new String(messageInfo.getRequest()); mStdOut.println(message); String search = "KEYWORD"; String replace = "REPLACED"; StringBuilder newString = new StringBuilder(message.length() - search.length() + replace.length()); try { BufferedReader reader = new BufferedReader(new StringReader(message)); String line; while ((line = reader.readLine()) != null) { if (line != null) { if (line.contains(search)) { line = line.replaceAll(search, replace); } newString.append(line).append("\r\n"); } } } catch (Exception e) { mStdErr.println("Error replacing text: " + e.getMessage()); } messageInfo.setRequest(newString.toString().getBytes()); return messageInfo; } @Override public void processProxyMessage(boolean messageIsRequest, IInterceptedProxyMessage message) { if (messageIsRequest) { if (HOST_FROM.equalsIgnoreCase(message.getClientIpAddress().getHostAddress())) { IRequestInfo reqInfo = this.callbacks.getHelpers().analyzeRequest(message.getMessageInfo()); if (reqInfo.getMethod().equalsIgnoreCase("POST")) { message.setInterceptAction(ACTION_DO_INTERCEPT); } } } } It is working. However, I do not see the replacement. Is there anything that needs to be changed or added in order to see the changed request?

PortSwigger Agent | Last updated: Jan 24, 2017 01:37PM UTC

The problem is that you are doing the match/replace in an IHttpListener. This changes requests just before they hit the wire, and after they have been through the Proxy's processing, including user interception. Get rid of your IHttpListener and do the match/replace work inside your IProxyListener, and you'll see the changes in the intercepted message.

Burp User | Last updated: Jan 24, 2017 02:19PM UTC

OK. I see. But then how should I overcome this: message.setRequest(newString.toString().getBytes()); I cannot use setRequest for the IInterceptedProxyMessage message..

PortSwigger Agent | Last updated: Jan 24, 2017 03:30PM UTC

Please see the API documentation: https://portswigger.net/burp/extender/api/burp/IInterceptedProxyMessage.html You need to call getMessageInfo() first.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.