
Dynamically Applying Highlight Markers

Li Rom Apr 06, 2017 08:27PM UTC

Hi,

Currently I am working on an extension to dynamically apply markers (user defined) to highlight certain specific areas within requests and responses. This works well if I have an "issue" with only one request-response combo.

When encountering issues with multiple requests-responses, I therein stumble upon an error message which reveals that overlapping string indexes, marked for highlighting, should not be used. Which sounds fair, but indicates a limitation to where someone is allowed to place highlights.

Basically, I am trying to point out that within the IHttpRequestResponseWithMarkers class interface, the get methods are limited to what you want to be highlighted but only if you want that to be replicated across all your requests and responses. Hence why I could not apply different markers within other requests or responses.

The ideal scenario would be if one could apply markers based on the "id" of response-request combo within a specific Issue.

If someone has any suggestions or a different approach on tackling this particular problem, I am all ears. Thank you!


Dafydd Stuttard Apr 07, 2017 08:05AM UTC Support Center agent

IHttpRequestResponseWithMarkers represents a single request/response so the markers apply to that request/response.

If you report an issue with multiple request/responses, then you need the issue to return multiple IHttpRequestResponseWithMarkers objects from the issue’s getHttpMessages() method. Each IHttpRequestResponseWithMarkers object should be set up with the relevant markers for that request/response.


Li Rom Apr 07, 2017 12:26PM UTC
Hi, Dafydd!

Good news! Thank you so much for your suggestion, but I already knew that.

While debugging I realized I was passing the exact same temporary ArrayList to my CustomHttpRequestResponseWithMarkers object; which should have been a different one, each time I looped through my requests/responses. So basically, it was a programming mistake from my end.

Future perspectives: when I have completed this extension I would like to share it with the community. It's a polished version of ManAddScan extension, with added features and improvements.

Best Regards.

Dafydd Stuttard Apr 07, 2017 02:10PM UTC Support Center agent

Glad you got things working.


Philippe Aug 15, 2017 05:58PM UTC
Here is a generic implementation that highlights a string in the request or source. https://github.com/GoSecure/csp-auditor/blob/master/csp-auditor-burp-plugin/src/main/java/burp/scanner/MockHttpRequestResponse.java

Note: It will highlight the first instance only.
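
The points raised in this thread (a separate marker list for each request/response, markers in sequence and not overlapping, and highlighting every instance rather than only the first) can be combined in one helper. This is an added example, not code from the thread participants or from PortSwigger; `MarkerBuilder`, `markersFor` and `matchesAt` are hypothetical names, the sample responses are constructed, and the commented `callbacks.applyMarkers(...)` call shows where the Burp Extender API would receive the list.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Comparator;
import java.util.List;
public class MarkerBuilder {
    /** Offsets {start, start + length} of every needle occurrence, sorted and merged. */
    static List<int[]> markersFor(byte[] data, List<String> needles) {
        List<int[]> found = new ArrayList<>(); // new list per message, never reused
        for (String needle : needles) {
            byte[] n = needle.getBytes(StandardCharsets.ISO_8859_1);
            if (n.length == 0) continue;
            for (int i = 0; i + n.length <= data.length; i++) {
                if (matchesAt(data, n, i)) found.add(new int[] {i, i + n.length});
            }
        }
        found.sort(Comparator.comparingInt((int[] m) -> m[0]));
        List<int[]> merged = new ArrayList<>();
        for (int[] m : found) {
            int[] last = merged.isEmpty() ? null : merged.get(merged.size() - 1);
            if (last != null && m[0] < last[1]) {
                last[1] = Math.max(last[1], m[1]); // overlap: widen the previous marker
            } else {
                merged.add(m);
            }
        }
        return merged;
    }
    static boolean matchesAt(byte[] data, byte[] n, int at) {
        for (int j = 0; j < n.length; j++) {
            if (data[at + j] != n[j]) return false;
        }
        return true;
    }
    public static void main(String[] args) {
        // Constructed responses standing in for two messages of one issue.
        String[] responses = {
            "HTTP/1.1 200 OK\r\n\r\n<b>token=abc</b> token=abc",
            "HTTP/1.1 200 OK\r\n\r\nsecret-token"
        };
        List<String> needles = Arrays.asList("token", "secret-token");
        for (int i = 0; i < responses.length; i++) {
            String r = responses[i];
            List<int[]> markers = markersFor(r.getBytes(StandardCharsets.ISO_8859_1), needles);
            // In an extension: messages[i] = callbacks.applyMarkers(baseMessages[i], null, markers);
            for (int[] m : markers) {
                System.out.println("message " + i + ": " + m[0] + "-" + m[1] + " " + r.substring(m[0], m[1]));
            }
        }
    }
}
```

In the second sample the needles `token` and `secret-token` overlap, so they collapse into a single marker instead of triggering the overlapping-offsets error described in the first post.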
