Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Login to post

A bug in BurpExtension that causes the response to be determined to have changed.

isayan | Last updated: Feb 13, 2023 12:20PM UTC

In BurpExteion IProxyListener(Legacy API) and ProxyResponseHandler (montoya API), Burp interprets the response as modified even though it is not. If you check the Burp history, you will see that the response "Original Response/Edit Response" will always be displayed For Sample Code * Montoya API public class BurpMontoyaExtension implements BurpExtension { @Override public void initialize(MontoyaApi api) { api.extension().setName("montoya api bug"); api.proxy().registerRequestHandler(new NotModifyHttpRequestHandler()); api.proxy().registerResponseHandler(new NotModifyHttpResponseHandler()); } private static class NotModifyHttpRequestHandler implements ProxyRequestHandler { @Override public ProxyRequestReceivedAction handleRequestReceived(InterceptedRequest interceptedRequest) { return ProxyRequestReceivedAction.intercept(interceptedRequest); } @Override public ProxyRequestToBeSentAction handleRequestToBeSent(InterceptedRequest interceptedRequest) { return ProxyRequestToBeSentAction.continueWith(interceptedRequest, interceptedRequest.annotations()); } } private static class NotModifyHttpResponseHandler implements ProxyResponseHandler { @Override public ProxyResponseReceivedAction handleResponseReceived(InterceptedResponse interceptedResponse) { return ProxyResponseReceivedAction.continueWith(interceptedResponse); } @Override public ProxyResponseToBeSentAction handleResponseToBeSent(InterceptedResponse interceptedResponse) { return ProxyResponseToBeSentAction.continueWith(interceptedResponse); // return ProxyResponseToBeSentAction.continueWith(interceptedResponse, interceptedResponse.annotations()); } } } * Legacy API public class BurpExtender implements IBurpExtender { @Override public void registerExtenderCallbacks(IBurpExtenderCallbacks cb) { cb.registerProxyListener(new IProxyListener() { @Override public void processProxyMessage( boolean messageIsRequest, IInterceptedProxyMessage message) { // not modify } }); } }

isayan | Last updated: Feb 13, 2023 12:26PM UTC

This is an issue since Burp v2023.1

Hannah, PortSwigger Agent | Last updated: Feb 13, 2023 02:38PM UTC

Hi. Have you tested out our latest Early Adopter version of Burp? This issue should be fixed in that release. You can check out our release notes here: https://portswigger.net/burp/releases/professional-community-2023-2

You need to Log in to post a reply. Or register here, for free.