The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


Can't check if URL is in scope with Burp's Custom Scope

Jack | Last updated: Jul 25, 2023 04:11PM UTC

I have used the burp-extender-api previously to build an extension to Burp. One of the features of this extension was to check whether a request was in scope. I had the following lines of code to do this:

    URL intercepted_url = ResponsePatternMatcher.helpers.analyzeRequest(messageInfo).getUrl();
    if (!inScopeOnly || ResponsePatternMatcher.callbacks.isInScope(intercepted_url)) {
        // .. do stuff
    }

Which only performs the functionality if the request is in scope.

I have noticed recently since the changes to the scope control that it's no longer possible to check if the request is in the scope and callbacks.isInScope(intercepted_url) always returns false even if the intercepted URL is in scope.

Is there anything I am doing wrong, or any alternative functionality in the burp-extender-api that will enable me to check if a URL is in scope?

Thanks

Jack | Last updated: Jul 25, 2023 04:14PM UTC

Just FYI the isInScope method is the: boolean isInScope(java.net.URL url); method from: IBurpExtenderCallbacks

Dominyque, PortSwigger Agent | Last updated: Jul 26, 2023 12:36PM UTC

Hi Jack,

I can see that you are using the legacy API. We do recommend using the Montoya API to write your extensions (https://portswigger.github.io/burp-extensions-montoya-api/javadoc/burp/api/montoya/MontoyaApi.html).

Would you be able to send us a screenshot of your scope rules as well as the URL you are passing?
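An added example, not part of the original thread and not PortSwigger's code: the same in-scope gate written against the Montoya API that the reply above recommends, logging the exact URL string and the scope result for each response. The class name, the inScopeOnly field and the log message are assumptions for illustration.

```java
import burp.api.montoya.BurpExtension;
import burp.api.montoya.MontoyaApi;
import burp.api.montoya.http.handler.HttpHandler;
import burp.api.montoya.http.handler.HttpRequestToBeSent;
import burp.api.montoya.http.handler.HttpResponseReceived;
import burp.api.montoya.http.handler.RequestToBeSentAction;
import burp.api.montoya.http.handler.ResponseReceivedAction;

// Hypothetical class name; mirrors the legacy IHttpListener flow from the thread.
public class ScopeGateExample implements BurpExtension, HttpHandler {
    private MontoyaApi api;
    // Assumption: a real extension would read this from its GUI checkbox.
    private volatile boolean inScopeOnly = true;

    @Override
    public void initialize(MontoyaApi api) {
        this.api = api;
        api.extension().setName("Scope gate example");
        api.http().registerHttpHandler(this);
    }

    @Override
    public RequestToBeSentAction handleHttpRequestToBeSent(HttpRequestToBeSent request) {
        // Requests pass through untouched; only responses are inspected.
        return RequestToBeSentAction.continueWith(request);
    }

    @Override
    public ResponseReceivedAction handleHttpResponseReceived(HttpResponseReceived response) {
        // URL of the request that produced this response, as a string.
        String url = response.initiatingRequest().url();
        boolean inScope = api.scope().isInScope(url);
        // Record what was compared, so a mismatch with the scope rules is visible.
        api.logging().logToOutput("scope check: " + url + " -> " + inScope);
        if (!inScopeOnly || inScope) {
            // Response pattern matching would go here.
        }
        return ResponseReceivedAction.continueWith(response);
    }
}
```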

Jack | Last updated: Jul 26, 2023 05:39PM UTC

Hi Dominyque,

That makes sense, this is an extension I built a while back when only the legacy API was available hence why I am using the legacy methods - I will look to change to the Montoya API with this extension soon, but for now I would really like to fix this using the legacy API.

Regarding additional screenshots, I can't attach them here unless there is a support email address I can use? Alternatively I will paste the code in here.

------------------------------

Initially the call starts off from my processHttpMessage function within my main ResponsePatternMatcher class which implements the processHttpMessage method stub from the IHttpListener interface:

    public class ResponsePatternMatcher implements IBurpExtender, ITab, IHttpListener, IMessageEditorController, IExtensionStateListener {

        //Static Burp objects
        public static IBurpExtenderCallbacks callbacks;
        public static IExtensionHelpers helpers;

        ...

        @Override
        public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo){
            service.execute(new MessageProcessor(toolFlag, messageIsRequest, messageInfo, gui));
        }

My processHttpMessage implementation makes a new thread passing the IHttpRequestResponse object (messageInfo) to it as well as a gui object which is a class that records the state of the GUI, such as whether the checkbox "inScopeOnly" has been ticked.

The thread then invokes its run() function, which starts off as follows:

    public void run() {
        try {
            URL intercepted_url = ResponsePatternMatcher.helpers.analyzeRequest(messageInfo).getUrl();
            if (!inScopeOnly || ResponsePatternMatcher.callbacks.isInScope(intercepted_url)) {
                // Main functionality here that is no longer reached

The inScopeOnly boolean value is set in the thread's constructor:

    this.inScopeOnly = gui.getInScopeOnly();

------------------------------

This used to work fine and I tested it extensively when I first implemented it. But I suspect that Burp's new method of defining scope and the option to use advanced scope control have broken or changed the way callbacks.isInScope works.

If I run this in debug mode and add https://portswigger.net/ to the scope either as a string or using advanced scope control, set a breakpoint at the above lines to check the values of the variables at run time, I can see the following evaluations:

    intercepted_url > URL Object containing "https://portswigger.net:443/"
    ResponsePatternMatcher.callbacks.isInScope(new URL ("https://portswigger.net:443/")) > FALSE
    ResponsePatternMatcher.callbacks.isInScope(new URL ("https://portswigger.net/")) > FALSE
    ResponsePatternMatcher.callbacks.isInScope(new URL ("http://portswigger.net/")) > FALSE

I am on the following platforms:

Compiled with: Oracle OpenJDK 17.0.8
Tested against: Burp Suite Community Edition (2023.7.1)
burp-extender-api (2.3)

Thanks

Dominyque, PortSwigger Agent | Last updated: Jul 27, 2023 07:34AM UTC