Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Alter the request content sent and received from the scanner

Rob | Last updated: Sep 26, 2017 12:59PM UTC

Hi, So I'm trying to write an extender plugin which will decode a fasterinfoset encoded request body before sending it to the scanner so that injection points can be correctly identified. It should then re-encode the scanner output before being sent, but I can't see how to hook into the scanner in this way. Thanks!

PortSwigger Agent | Last updated: Sep 27, 2017 08:46AM UTC

Hi Rob, Thanks for your message, it's an interesting scenario. This is possible through the extender API, although it's a little tricky. You can define an IScannerInsertionPointProvider class that parses the fasterinfoset bod and identifies the insertion points. You also define a IScannerInsertionPoint class, and you IScannerInsertionPointProvider returns a list of these. The IScannerInsertionPoint interface has a buildRequest function that takes a payload and returns a request. You'd want to have IScannerInsertionPoint keep a reference to the parsed fasterinfoset data, replace the insertion point with the payload, then serialise the modified data. There is an alternative approach to this. You can implement IHttpListener and IProxyListener classes that convert incoming fastinfoset data to XML, and outgoing XML to fasterinfoset. This way, Burp only sees XML and tools like Scanner will work directly. I think this is how WCF Deserializer works; it would be worth you taking a look at the source code: - https://github.com/PortSwigger/wcf-deserializer/ Please let us know if you need any further assistance.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.