Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Burp API - IContextMenuInvocation - Modified request/response access/hinting

Gabriel | Last updated: Oct 10, 2017 03:38PM UTC

In the Burp extender API when retrieving the selected messages from the proxy history, I don't see any way to know if the selection occurs into a modified response/request panel or the original one. IContextMenuInvocation.CONTEXT_MESSAGE_EDITOR_REQUEST IContextMenuInvocation.CONTEXT_MESSAGE_EDITOR_RESPONSE are the only indicators available. Additionally the IHttpRequestResponse object does not seems to allow to retrieve the data from the "Edited" tabs or other "auto-modified" tabs. When one want to retrieve a selected text from such modified tab ,via IContextMenuInvocation.getSelectionBounds(), this will lead to something invalid, as the selection bounds will be referring to the modified version of the request/response and only the original version are available.

PortSwigger Agent | Last updated: Oct 10, 2017 03:52PM UTC

Hi Gabriel, Thanks for reporting this. Unfortunately the current API doesn't let you do this. We do have a story on the backlog to address this (someone else reported the same a while ago). However, it's quite a difficult change so it's unlikely to be looked at until we do the major refactor of the API. Please let us know if you need any further assistance.

Burp User | Last updated: Oct 10, 2017 10:37PM UTC

Sad face. Maybe make the selected text/data available in IContextMenuInvocation directly ?

PortSwigger Agent | Last updated: Oct 11, 2017 08:51AM UTC

Hi Gabriel, That is a very good suggestion, to do what you need with minimal changes. We may be able to get this bumped up the priorities, but I'm afraid it's likely to still take some time.

Burp User | Last updated: Dec 12, 2017 04:33PM UTC

Any ETA on this ?

PortSwigger Agent | Last updated: Dec 12, 2017 04:35PM UTC

Hi Gabriel, Thanks for following up. Unfortunately we don't have an ETA, and it is likely to be a considerable amount of time.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.