Burp community forum

Adding GetSiteMap() to Carbonator

K | Last updated: Aug 31, 2015 03:53PM UTC

I'm attempting to add to the carbonator extension a method for extracting the sitemap URLs into a text file. The code I have written so far is below, and the output I get is 'array(burp.IHttpRequestResponse)'. I know I need to call the IHttpRequestResponse interface somehow to tap into the array. I import it from burp at the beginning of the code, but when I add that call to the BurpExtender class it throws an error about the url being read-only. I'm relatively new to writing Burp extensions and reading APIs in general, so any help or positive input is appreciated.

    def generateSiteMap(self, urlprefix):
        self.sitemap_results = self._callbacks.getSiteMap(urlprefix)
        sitemap_file = open('SiteMap.txt', 'a')
        print self.sitemap_results
        for item in range(len(self.sitemap_results)):
            print self._helpers.analyzeRequest(self.sitemap_results[item].getRequest()).getUrl()
        sitemap_file.close()
        return

PortSwigger Agent | Last updated: Sep 01, 2015 01:32PM UTC

The only API methods that throw an exception with the phrase "read-only" are setter methods, indicating that your code tried to set, rather than get, the URL. Can you verify that you aren't doing this anywhere? The full extension stack trace should indicate the method you are calling when the problem occurs. Finally, if the problem persists, please can you send us the full code for your extension and we'll try to reproduce the issue? Thanks.

Burp User | Last updated: Sep 08, 2015 01:24PM UTC

Thanks for the response. After some more troubleshooting it looks like the getSiteMap array is actually coming back blank. Here is the link to the github where I have the code stored: https://github.com/n03lx/carbonator. Any help is appreciated. Thanks!

PortSwigger Agent | Last updated: Sep 08, 2015 01:54PM UTC

The getSiteMap() method returns an array of site map items that match a specific prefix, or everything if the prefix is null. If the returned array is empty, I would suggest (a) checking that your prefix is valid, or trying null instead; (b) checking that your site map contains some content at the time the method is called.

Burp User | Last updated: Sep 08, 2015 05:51PM UTC

I believe the prefix I am using is valid. However, when I use the null value to return the array this is what I get: [array(burp.IHttpRequestResponse, [burp.cpc@44f79a20, burp.cpc@7979b0e2, burp.cpc@59c895f2, burp.cpc@2d0dbc15, burp.cpc@5553050e, burp.cpc@619951e6, burp.cpc@7ce33f22, burp.cpc@3c4ec9bf, burp.cpc@71f8c04d, burp.cpc@5a45a9f5, burp.cpc@3f3a97b0, burp.cpc@7573a2d9, burp.cpc@42befe92, burp.cpc@35c3fd31, burp.cpc@5eaf6b2e, burp.cpc@36227f48, burp.cpc@3dd5d70, burp.cpc@29dd124f, burp.cpc@c8eea41, burp.cpc@29730ca7, burp.cpc@402ce224, burp.cpc@122cf04, burp.cpc@7a85f183])]. Is there something I am missing to get the actual sites discovered to be shown instead?

Burp User | Last updated: Sep 08, 2015 07:30PM UTC

I figured it out. Check the github repo if you're interested.
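
An added example, not part of the thread or of the carbonator repository: one way to turn the array that getSiteMap() returns into a list of URLs and write it to a file. The function names and the Fake* stand-in classes are assumptions made for this example so the logic runs outside Burp; inside an extension, pass self._callbacks and self._helpers instead.

```python
# Added example: runs under Burp's Jython 2.7 and, with the stand-ins below, plain Python.
import io

def collect_sitemap_urls(callbacks, helpers, prefix=None):
    """Return the sorted, de-duplicated URLs of site map items under `prefix`.

    getSiteMap() returns a Java array of IHttpRequestResponse objects, so
    printing it only shows object references. Each item has to be passed to
    analyzeRequest(); the IHttpRequestResponse overload is used because the
    byte[] overload has no host/port context and cannot give the full URL.
    """
    urls = set()
    for item in callbacks.getSiteMap(prefix):      # prefix None = whole site map
        if item.getRequest() is None:              # defensive: skip items without a request
            continue
        urls.add(str(helpers.analyzeRequest(item).getUrl()))
    return sorted(urls)

def write_sitemap_urls(callbacks, helpers, prefix, path):
    """Write one URL per line to `path` and return how many were written."""
    urls = collect_sitemap_urls(callbacks, helpers, prefix)
    out = io.open(path, "w", encoding="utf-8")
    try:
        for url in urls:
            out.write(u"%s\n" % url)
    finally:
        out.close()
    return len(urls)

# --- Constructed stand-ins for Burp's objects (assumptions, not Burp code) ---
class FakeItem(object):
    def __init__(self, url): self.url = url
    def getRequest(self): return b"GET / HTTP/1.1\r\n\r\n" if self.url else None

class FakeInfo(object):
    def __init__(self, url): self.url = url
    def getUrl(self): return self.url

class FakeHelpers(object):
    def analyzeRequest(self, item): return FakeInfo(item.url)

class FakeCallbacks(object):
    def __init__(self, urls): self.items = [FakeItem(u) for u in urls]
    def getSiteMap(self, prefix):
        return [i for i in self.items
                if prefix is None or (i.url or "").startswith(prefix)]
```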
