Burp Suite User Forum


BurpSuite Custom Header extension

Joe | Last updated: Mar 09, 2023 05:12PM UTC

I am attempting to write a custom Burp extension based on the example code from https://github.com/PortSwigger/burp-extensions-montoya-api-examples/tree/main/customlogger. The plugin is intended to perform the following actions:

1. Take custom headers from a JTextField.
2. Set these headers in every request via RequestToBeSentAction.

However, I am encountering an issue where the values set in the JTextField are not present in the modified request. I have shared my code in the following links:

CustomLogger.java: https://codeshare.io/km8QQM
MyHttpHander.java: https://codeshare.io/PdEooe
MyTableModel.java: https://codeshare.io/6pk0Rg

The logic to create text area inputs for headers is as follows:

    textArea = new JTextArea("X:1");
    String text = textArea.getText();
    String[] lines = text.split("\n");
    headerlist = new ArrayList<>();
    for (String line : lines) {
        // headerlist.add(line);
        String[] keyvalue = line.split(":");
        headerlist.add(httpHeader(keyvalue[0], keyvalue[1]));
        api.logging().logToOutput(line);
        api.logging().logToOutput(keyvalue[0] + ":" + keyvalue[1]);
    }

In the initialize function, I registered the HttpHandler as follows:

    api.http().registerHttpHandler(new MyHttpHandler(tableModel, headerlist));

Despite this, the newly added headers from the text area are not being included in the requests. I am not sure whether I need to synchronize the values of textArea, as my knowledge in programming is limited. Any help would be greatly appreciated. Thank you.

Hannah, PortSwigger Agent | Last updated: Mar 10, 2023 09:14AM UTC

Hi,

Have you tried using a session handling rule for this behavior instead? You can find this by going to "Settings > Sessions > Add > Add > Set a specific header value". Alternatively, an extension in the BApp Store called "Add custom header" also has this functionality. You could use that extension or look at their source code to see how they've implemented it.
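The snippet in the question, as posted, reads the text area once at initialization and passes the resulting list to the handler, so text typed later never reaches the registered handler. As an added example (not the poster's code and not PortSwigger's), one way to keep a Montoya HttpHandler in sync with the text area; the class name LiveHeaderHandler is hypothetical.

```java
// Added example; LiveHeaderHandler is a hypothetical name, not part of the Montoya API.
import burp.api.montoya.http.handler.*;
import burp.api.montoya.http.message.HttpHeader;
import burp.api.montoya.http.message.requests.HttpRequest;
import javax.swing.JTextArea;
import javax.swing.event.DocumentEvent;
import javax.swing.event.DocumentListener;
import java.util.ArrayList;
import java.util.List;
import static burp.api.montoya.http.message.HttpHeader.httpHeader;

public class LiveHeaderHandler implements HttpHandler, DocumentListener {
    private final JTextArea textArea;
    // Immutable snapshot: written on the Swing thread, read on Burp's HTTP threads.
    private volatile List<HttpHeader> headers = List.of();

    public LiveHeaderHandler(JTextArea textArea) {
        this.textArea = textArea;
        textArea.getDocument().addDocumentListener(this);
        reparse(); // pick up the initial text, e.g. "X:1"
    }

    private void reparse() {
        List<HttpHeader> parsed = new ArrayList<>();
        for (String line : textArea.getText().split("\n")) {
            String[] kv = line.split(":", 2); // limit 2 keeps colons inside the value
            if (kv.length == 2 && !kv[0].isBlank()) { // skip blank or malformed lines
                parsed.add(httpHeader(kv[0].trim(), kv[1].trim()));
            }
        }
        headers = List.copyOf(parsed);
    }

    @Override public void insertUpdate(DocumentEvent e)  { reparse(); }
    @Override public void removeUpdate(DocumentEvent e)  { reparse(); }
    @Override public void changedUpdate(DocumentEvent e) { reparse(); }

    @Override
    public RequestToBeSentAction handleHttpRequestToBeSent(HttpRequestToBeSent request) {
        HttpRequest modified = request;
        for (HttpHeader h : headers) { // replace any existing header of the same name
            modified = modified.withRemovedHeader(h.name()).withAddedHeader(h);
        }
        return RequestToBeSentAction.continueWith(modified);
    }

    @Override
    public ResponseReceivedAction handleHttpResponseReceived(HttpResponseReceived response) {
        return ResponseReceivedAction.continueWith(response);
    }
}
```

Register it once with `api.http().registerHttpHandler(new LiveHeaderHandler(textArea));` and every subsequent edit to the text area is reflected in the next request.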
