
Sending an unmodified and a modified HTTP request

Bill Jun 24, 2019 05:20PM UTC

I am trying to write an extension that, when the user makes a request, will send two requests: an unmodified request so that the browser will load normally, and one where a parameter is added at the end of the URL to test the website's response. I have been able to either make the website load but with the parameter not being added consistently (sometimes added correctly, sometimes not added at all, and sometimes added multiple times), or have the parameter added properly but the website will not load. This is the basics of what I have now (which is the inconsistent adding but websites are loading):

    public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) {
        if (!messageIsRequest) {
            executor.submit(() -> modifyAndProcessHttpMessage(toolFlag, messageInfo, this));
        }
    }

    public static void modifyAndProcessHttpMessage(int toolFlag, IHttpRequestResponse messageInfo, BurpExtender burp) {
        // stringbuilder to create new request with size of the request plus a little for variable
        StringBuilder modifiedRequest = new StringBuilder(burp.helpers.bytesToString(messageInfo.getRequest()).length() + 32);

        // create copy of response
        IHttpRequestResponse newRequest = cloneIHttpRequestResponse(messageInfo);

        // split at new line
        String[] allLines = burp.helpers.bytesToString(newRequest.getRequest()).split("\\r?\\n");

        // split first line
        String[] firstLine = allLines[0].split(" ");

        // temp to hold first line
        StringBuilder tempFirst = new StringBuilder(allLines[0].length() + 16);

        // check the first char
        if (burp.helpers.bytesToString(newRequest.getRequest()).charAt(0) == 'G') {
            // check if there are variables in the path to determine concat
            if (firstLine[1].contains("?")) {
                firstLine[1] = firstLine[1].concat("&asdf=1234");
            } else {
                firstLine[1] = firstLine[1].concat("?asdf=1234");
            }

            // temp to hold first line
            StringBuilder temp = new StringBuilder(allLines[0].length() + 16);

            // recreate first line
            for (int i = 0; i < firstLine.length; i++) {
                temp.append(firstLine[i] + " ");
            }

            // set the first line in all lines to the first line
            allLines[0] = temp.toString();

            // recreate request
            for (int i = 0; i < allLines.length; i++) {
                modifiedRequest.append(allLines[i] + "\n");
            }

            // the final request in string form
            String finalRequestString = modifiedRequest.toString();

            // change from string to bytes and set request
            newRequest.setRequest(burp.helpers.stringToBytes(finalRequestString));

        } else if (burp.helpers.bytesToString(newRequest.getRequest()).charAt(0) == 'P') {
            // make sure it is post and not put
            if (burp.helpers.bytesToString(newRequest.getRequest()).charAt(1) == 'O') {
                // check if there are variables in the path to determine concat
                if (firstLine[1].contains("?")) {
                    firstLine[1] = firstLine[1].concat("&qwer=5678");
                } else {
                    firstLine[1] = firstLine[1].concat("?qwer=5678");
                }

                // recreate first line
                for (int i = 0; i < firstLine.length; i++) {
                    tempFirst.append(firstLine[i] + " ");
                }

                // set the first line in all lines to the first line
                allLines[0] = tempFirst.toString();

                // recreate request
                for (int i = 0; i < allLines.length; i++) {
                    modifiedRequest.append(allLines[i] + "\n");
                }

                // the final request in string form
                String finalRequestString = modifiedRequest.toString();

                // change from string to bytes and set request
                newRequest.setRequest(burp.helpers.stringToBytes(finalRequestString));

            } else {
                // don't need to do anything if it is not post or get

            }

        } else {
            // don't need to do anything if it is not post or get

        }

        // make request that will test the page
        IHttpRequestResponse modifiedRequestResponse = burp.callbacks.makeHttpRequest(newRequest.getHttpService(), newRequest.getRequest());

        if (modifiedRequestResponse.getResponse() == null) {
            modifiedRequestResponse.setResponse(new byte[0]);
        }

    }

There have been a lot of different versions of this and a lot of different tests tried, so this code might have some janky parts from previous attempts.
Any help and/or advice would be greatly appreciated! Thanks!


Paul Johnston Jun 25, 2019 10:44AM UTC Support Center agent

Hi Bill,

This is an interesting extension. One thing you need to consider is how to display output to the user. If the browser makes one request, you can only return one response to the user. You’ll need to work out what to do with the other response. One idea: compare the two responses. If they are different, create an issue, something like “Server response varies when ?qwer parameter present”

I think the code you’ve sent will cause an infinite loop. When you call makeHttpRequest, this will trigger a new callback to processHttpMessage, resulting in uncontrolled recursion. You can avoid this by checking toolFlag and exiting if it equals TOOL_EXTENDER.

Also, can I encourage you to look at IExtensionHelpers.addParameter – this is usually a better way to add a parameter. Your code using tempFirst looks quite prone to bugs.

You may want to look at the Auto Repeater extension which has some similarities.
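
The three suggestions in the answer above (exit on TOOL_EXTENDER, use addParameter, compare the two responses) put together as an added example; this is not code from the original poster or from PortSwigger. It assumes the legacy Burp Extender API interfaces are on the classpath, reuses the asdf=1234 parameter from the question for both GET and POST, and uses a status-code and length comparison as an assumed, deliberately simple difference check.

```java
package burp;

import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

public class BurpExtender implements IBurpExtender, IHttpListener {
    private IBurpExtenderCallbacks callbacks;
    private IExtensionHelpers helpers;
    // makeHttpRequest() blocks, so the probe runs off the listener thread.
    private final ExecutorService executor = Executors.newSingleThreadExecutor();

    @Override
    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
        this.callbacks = callbacks;
        this.helpers = callbacks.getHelpers();
        callbacks.setExtensionName("Parameter probe (example)"); // hypothetical name
        callbacks.registerHttpListener(this);
    }

    @Override
    public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) {
        // Requests sent by makeHttpRequest() arrive here flagged TOOL_EXTENDER;
        // returning early for them is what prevents the recursion.
        if (messageIsRequest || toolFlag == IBurpExtenderCallbacks.TOOL_EXTENDER) return;
        byte[] original = messageInfo.getRequest();
        byte[] baseline = messageInfo.getResponse();
        if (baseline == null) return;
        String method = helpers.analyzeRequest(original).getMethod();
        if (!method.equals("GET") && !method.equals("POST")) return;
        IHttpService service = messageInfo.getHttpService();
        // The browser's own message is left untouched; the probe works on its own copy.
        executor.submit(() -> probe(service, original, baseline));
    }

    private void probe(IHttpService service, byte[] original, byte[] baseline) {
        // addParameter() handles the "?" versus "&" decision and keeps the request well-formed.
        IParameter extra = helpers.buildParameter("asdf", "1234", IParameter.PARAM_URL);
        byte[] probed = callbacks.makeHttpRequest(service, helpers.addParameter(original, extra)).getResponse();
        if (probed == null) return; // no response received for the probe
        short before = helpers.analyzeResponse(baseline).getStatusCode();
        short after = helpers.analyzeResponse(probed).getStatusCode();
        if (before != after || baseline.length != probed.length) {
            callbacks.printOutput("Response varies when asdf parameter present: status "
                    + before + " -> " + after + ", length " + baseline.length + " -> " + probed.length);
        }
    }
}
```

Because the probe is sent exactly once per browser response and never re-enters the listener, the parameter is added exactly once per request. Dynamic pages can differ in length between two identical requests, so treat a length-only difference as a lead to review rather than a finding.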

