Example 1 with IResponseInfo

Use of burp.IResponseInfo in project Burp-ConvisoPlatform by convisolabs.

Class GraphQLService, method executeQuery.

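public String executeQuery(String query) throws AuthenticationException {
    GraphQLQuery graphQL = new GraphQLQuery(query);
    HttpClient httpClient = new HttpClient(this.callbacks, this.helpers);
    String response = httpClient.post(new Gson().toJson(graphQL));
    // getBodyOffset() is a byte offset into the raw message, so slice the
    // bytes rather than the String (the two differ when non-ASCII precedes the body).
    byte[] rawResponse = response.getBytes(StandardCharsets.UTF_8);
    IResponseInfo responseInfo = this.helpers.analyzeResponse(rawResponse);
    int bodyOffset = responseInfo.getBodyOffset();
    String body = new String(rawResponse, bodyOffset, rawResponse.length - bodyOffset, StandardCharsets.UTF_8);
    // A 401 means the API rejected the credentials; surface the body as the error message.
    if (responseInfo.getStatusCode() == 401) {
        throw new AuthenticationException(body);
    }
    return body;
}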
Also used : IResponseInfo(burp.IResponseInfo) AuthenticationException(org.apache.http.auth.AuthenticationException) HttpClient(http.HttpClient) Gson(com.google.gson.Gson) GraphQLQuery(models.graphql.GraphQLQuery)

Example 2 with IResponseInfo

Use of burp.IResponseInfo in project YaguraExtender by raise-isayan.

Class HtmlCommetViewTab, method isEnabled.

@Override
public boolean isEnabled(byte[] content, boolean isMessageRequest) {
    if (content == null || content.length == 0) {
        return false;
    }
    UniversalViewProperty viewProperty = BurpExtender.getInstance().getProperty().getEncodingProperty();
    EnumSet<UniversalViewProperty.UniversalView> view = viewProperty.getMessageView();
    this.setLineWrap(viewProperty.isLineWrap());
    if (!view.contains(UniversalViewProperty.UniversalView.HTML_COMMENT)) {
        return false;
    }
    boolean mimeHTMLType = false;
    byte[] body = new byte[0];
    if (!isMessageRequest) {
        IResponseInfo resInfo = BurpExtender.getHelpers().analyzeResponse(content);
        String mimeType = resInfo.getInferredMimeType();
        mimeHTMLType = ("HTML".equals(mimeType) || "XML".equals(mimeType));
        body = ResponseInfo.getBodyBytes(resInfo, content);
    }
    if (body.length > 0 && mimeHTMLType) {
        return TransUtil.extractHTMLComments(StringUtil.getBytesRawString(body), false).length > 0;
    } else {
        return false;
    }
}
Also used : IResponseInfo(burp.IResponseInfo) UniversalViewProperty(yagura.model.UniversalViewProperty)

Example 3 with IResponseInfo

Use of burp.IResponseInfo in project YaguraExtender by raise-isayan.

Class JSONViewTab, method isEnabledJsonp.

public boolean isEnabledJsonp(byte[] content, boolean isMessageRequest) {
    EnumSet<UniversalViewProperty.UniversalView> view = BurpExtender.getInstance().getProperty().getEncodingProperty().getMessageView();
    if (!view.contains(UniversalViewProperty.UniversalView.JSONP)) {
        return false;
    }
    if (content.length > BurpExtender.getInstance().getProperty().getEncodingProperty().getDispayMaxLength() && BurpExtender.getInstance().getProperty().getEncodingProperty().getDispayMaxLength() != 0) {
        return false;
    }
    byte[] body = new byte[0];
    if (this.isRequest && isMessageRequest) {
        IRequestInfo reqInfo = BurpExtender.getHelpers().analyzeRequest(content);
        body = RequestInfo.getBodyBytes(reqInfo, content);
    } else if (!this.isRequest && !isMessageRequest) {
        IResponseInfo resInfo = BurpExtender.getHelpers().analyzeResponse(content);
        body = ResponseInfo.getBodyBytes(resInfo, content);
    }
    return FormatUtil.isJsonp(StringUtil.getBytesRawString(body));
}
Also used : IResponseInfo(burp.IResponseInfo) IRequestInfo(burp.IRequestInfo)

Example 4 with IResponseInfo

Use of burp.IResponseInfo in project YaguraExtender by raise-isayan.

Class SendToMenuItem, method tempMessageFile.

protected File tempMessageFile(IHttpRequestResponse messageInfo, int index) {
    File file = null;
    try {
        file = File.createTempFile(HttpUtil.getBaseName(BurpExtender.getHelpers().getURL(messageInfo)) + "." + index + ".", ".tmp");
        file.deleteOnExit();
        try (BufferedOutputStream fostm = new BufferedOutputStream(new FileOutputStream(file, true))) {
            if ((this.isRequestHeader() || this.isRequestBody()) && messageInfo.getRequest() != null) {
                byte[] reqMessage = messageInfo.getRequest();
                if (!(this.isRequestHeader() && this.isRequestBody())) {
                    IRequestInfo reqInfo = BurpExtender.getHelpers().analyzeRequest(messageInfo.getRequest());
                    if (this.isRequestHeader()) {
                        reqMessage = Arrays.copyOfRange(messageInfo.getRequest(), 0, reqInfo.getBodyOffset());
                    } else if (this.isRequestBody()) {
                        reqMessage = Arrays.copyOfRange(messageInfo.getRequest(), reqInfo.getBodyOffset(), messageInfo.getRequest().length);
                    }
                }
                fostm.write(reqMessage);
                fostm.write(StringUtil.getBytesRaw(HttpUtil.LINE_TERMINATE));
            }
            if ((this.isResponseHeader() || this.isResponseBody()) && messageInfo.getResponse() != null) {
                byte[] resMessage = messageInfo.getResponse();
                if (!(this.isResponseHeader() && this.isResponseBody())) {
                    IResponseInfo resInfo = BurpExtender.getHelpers().analyzeResponse(resMessage);
                    if (this.isResponseHeader()) {
                        resMessage = Arrays.copyOfRange(messageInfo.getResponse(), 0, resInfo.getBodyOffset());
                    } else if (this.isResponseBody()) {
                        resMessage = Arrays.copyOfRange(messageInfo.getResponse(), resInfo.getBodyOffset(), messageInfo.getResponse().length);
                    }
                }
                fostm.write(resMessage);
                fostm.write(StringUtil.getBytesRaw(HttpUtil.LINE_TERMINATE));
            }
        }
    } catch (IOException ex) {
        logger.log(Level.SEVERE, ex.getMessage(), ex);
    } catch (Exception ex) {
        logger.log(Level.SEVERE, ex.getMessage(), ex);
    }
    return file;
}
Also used : IResponseInfo(burp.IResponseInfo) FileOutputStream(java.io.FileOutputStream) IOException(java.io.IOException) File(java.io.File) BufferedOutputStream(java.io.BufferedOutputStream) IRequestInfo(burp.IRequestInfo)

Example 5 with IResponseInfo

Use of burp.IResponseInfo in project YaguraExtender by raise-isayan.

Class JSearchTab, method search.

public /*synchronized*/ void search(String text) {
    this.querying = true;
    this.btnSearch.setText("Stop");
    // all clear
    this.modelSearch.removeAll();
    JSearchProperty searchProp = getProperty();
    Pattern p = MatchUtil.compileRegex(text, searchProp.isSmartMatch(), searchProp.isRegexp(), searchProp.isIgnoreCase());
    IHttpRequestResponse[] messageInfo = BurpExtender.getCallbacks().getProxyHistory();
    try {
        this.lblProgress.setText(String.format(SEARCH_PROGRESS, 0.0));
        for (int i = 0; i < messageInfo.length; i++) {
            HttpMessageItem item = new HttpMessageItem(messageInfo[i], i);
            Matcher m = null;
            boolean find = false;
            do {
                String encoding = StandardCharsets.ISO_8859_1.name();
                if (this.getAutoRecogniseEncoding()) {
                    encoding = item.getGuessCharset();
                }
                if (this.chkScopeOnly.isSelected()) {
                    if (!BurpExtender.getCallbacks().isInScope(item.getUrl())) {
                        continue;
                    }
                }
                if ((searchProp.isRequestHeader() || searchProp.isRequestBody()) && item.getRequest() != null) {
                    byte[] reqMessage = item.getRequest();
                    if (!(searchProp.isRequestHeader() && searchProp.isRequestBody())) {
                        IRequestInfo reqInfo = BurpExtender.getHelpers().analyzeRequest(reqMessage);
                        if (searchProp.isRequestHeader()) {
                            reqMessage = Arrays.copyOfRange(item.getRequest(), 0, reqInfo.getBodyOffset());
                        } else if (searchProp.isRequestBody()) {
                            reqMessage = Arrays.copyOfRange(item.getRequest(), reqInfo.getBodyOffset(), item.getRequest().length);
                        }
                    }
                    String req = StringUtil.getStringCharset(reqMessage, encoding);
                    m = p.matcher(req);
                    if (m.find()) {
                        find = true;
                        break;
                    }
                }
                if ((searchProp.isResponseHeader() || searchProp.isResponseBody()) && item.getResponse() != null) {
                    byte[] resMessage = item.getResponse();
                    if (!(searchProp.isResponseHeader() && searchProp.isResponseBody())) {
                        IResponseInfo resInfo = BurpExtender.getHelpers().analyzeResponse(resMessage);
                        if (searchProp.isResponseHeader()) {
                            resMessage = Arrays.copyOfRange(item.getResponse(), 0, resInfo.getBodyOffset());
                        } else if (searchProp.isResponseBody()) {
                            resMessage = Arrays.copyOfRange(item.getResponse(), resInfo.getBodyOffset(), item.getResponse().length);
                        }
                    }
                    String res = StringUtil.getStringCharset(resMessage, encoding);
                    m = p.matcher(res);
                    if (m.find()) {
                        find = true;
                        break;
                    }
                }
                if (searchProp.isComment() && item.getComment() != null) {
                    m = p.matcher(item.getComment());
                    if (m.find()) {
                        find = true;
                        break;
                    }
                }
                this.lblProgress.setText(String.format(SEARCH_PROGRESS, (double) i / messageInfo.length * 100.0));
            } while (false);
            if (m != null && find) {
                // item.dump(); // debug
                this.modelSearch.addRow(new ResultView(item, item.getOrdinal()));
            }
            if (this.cancel) {
                break;
            }
        }
    } catch (Exception ex) {
        logger.log(Level.SEVERE, ex.getMessage(), ex);
    } finally {
        this.cancel = false;
        this.querying = false;
        this.btnSearch.setText("Search");
        this.lblProgress.setText(String.format(SEARCH_PROGRESS, 100.0));
    }
}
Also used : Pattern(java.util.regex.Pattern) Matcher(java.util.regex.Matcher) JSearchProperty(yagura.model.JSearchProperty) IRequestInfo(burp.IRequestInfo) IHttpRequestResponse(burp.IHttpRequestResponse) HttpMessageItem(yagura.model.HttpMessageItem) IResponseInfo(burp.IResponseInfo) ResultView(yagura.model.ResultView)
