Exporting site map
I am developing an extension that will perform the same functionality as it can be done manually by right clicking on items in Target's site map or Proxy history and then selecting "Save items". Using manual process I get a file that has contents something like this:
--- SNIP ---
<items burpVersion="2.1.02" exportTime="Mon Aug 05 14:48:13 CEST 2019">
<time>Mon Aug 05 10:20:32 CEST 2019</time>
<request base64="true"><![CDATA[--- SNIP ---]]></request>
<response base64="true"><![CDATA[--- SNIP ---]]></response>
--- SNIP ---
If there is some way to programmatically get this same output (or similar, different format but with the same data) with existing functionality, existing extension or one shot API call, please let me know and ignore the rest of this question. If it is not possible continue reading...
So, as I said, I am creating extension that will do just this. The extension is almost done and by using the getSiteMap() call and iterating through all items I can generate and output the same XML file with all the same information... except one... If you check the XML file, the <host> tag has attribute called "ip". I have went through whole API documentation and I just could not find a way to get the IP associated to that host. Since I can generate manually the output and it contains the IP that information must be somewhere stored but I could not find the API to get it. The closest I got was getting the IHttpService object from the IHttpRequestResponse objects that has three methods: getHost(), getPort() and getProtocol(). The getHost() looked promising but it only contains IP when there is no host present... And I need both. :)
And any solutions that rely on resolving the hostname are not acceptable for me because I want to run this on on many old project files which contain hosts that now have different IP or do not have IP at all anymore. The extension needs to extract information only from the currently opened project file.
So to summarize, my question is: how can an extension get the IP of a specific host from a specific request/response item from site map or proxy history?
As a side note, why not implement project files in some format that is easily used by other tools? This is not the first time I was creating some tool that was stuck because the project file format was not usable out of the box. Then I had to create an extension, run burp with this extension, do my thing and then continue with the normal tool's execution. It is slow and dependable on extension API which can be limiting, as seen from this question. Or if you need the format to be like it is, at least make a functionality that transforms the current project file to some XML or JSON format, just that other tools can then parse and use that info.
Thanks for help!
We have a bit of a backlog in terms of Extensions issues. Please accept our apologies, we’ll get back to you as soon as we can.
Hi Danny, looking at the implementation of the extension interface within Burp Suite, it is just retrieving the value of the ‘host’ element and returning it back to the calling code. Which is why in your example the hostname is being returned and not the IP address attribute. Unfortunately, I can’t see any other options for retrieving this attribute information in the API.
In regards to both of your points, if they are features you would like to see in Burp Suite I can create feature requests for them?
Thank you for the information. Yes, a feature request for both of the points, the missing API to get IP of host in request and the open format for project files, would be great. I do know that the you guys have probably a huge backlog (e.g. when is proxy tab going to have side by side request and response? :-)) so I will not dare to ask for estimated date... :-)
Is there a way to see the current feature requests? And even more useful would be information on what you guys are working on next...?
In any case, awesome job for the tool and thank you for response.
Hi Danny, We have created feature requests for your required functionality. We have associated this thread to those requests to help prioritise them and to notify you if they get released.
Unfortunately like you have mentioned, we aren’t able to provide an ETA.
There isn’t a way to see current feature requests at the moment as they are contained within our internal software, however we are hoping to implement a visible roadmap on our website in the future so you can see what is coming in future updates for Burp Suite.
If you have any specific questions about features you are interested in, I would be happy to answer them.