Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

currentRequest response waiting for numerous new modified Http requests to complete

Matrix | Last updated: Feb 27, 2023 12:16PM UTC

I am trying to create a BURP extension which takes current request and grabs path from it and add some custom_path and create http request using headers from currentRequest. The paths are a total of 200 My problem is that the currentRequest waits for newPaths http requests to complete and then its response completes. I am also using threading asynchronous but it takes a lot of unnecessary time, i don't want to continue waiting for newPaths http requests before currentRequest's response to complete my sample code looks like this ``` from burp import IBurpExtender, IHttpListener, IBurpExtenderCallbacks from java.io import PrintWriter from java.net import URL from threading import Thread import threading class BurpExtender(IBurpExtender, IHttpListener): def registerExtenderCallbacks(self, callbacks): self._callbacks = callbacks self._helpers = callbacks.getHelpers() callbacks.setExtensionName("Example Extension") callbacks.registerHttpListener(self) def processHttpMessage(self, toolFlag, messageIsRequest, currentRequest): if messageIsRequest: if toolFlag == IBurpExtenderCallbacks.TOOL_PROXY or toolFlag == IBurpExtenderCallbacks.TOOL_REPEATER: self.perform_logic(currentRequest) def send_request(self, http_service, request_bytes): response = self._callbacks.makeHttpRequest(http_service, request_bytes) def perform_logic(self, currentRequest): # New path logic here self.send_request(currentRequest.getHttpService(), self._helpers.stringToBytes(NewReqs)) ```

Matrix | Last updated: Feb 28, 2023 05:45AM UTC

I have already tried ansync , threading and lock implementations , but none helps. Am i missing something. I only need currentRequest for new_paths generation and sending new requests . Is there any other way to access currrentRequest which do hold the request and don't take any processing time.

Hannah, PortSwigger Agent | Last updated: Feb 28, 2023 10:45AM UTC

Hi Could you describe in more detail what you are trying to achieve with your extension? For example, are you trying to provide some authentication mechanism or send some requests to the Scanner for auditing? If you'd like us to have a look at your extension, you can drop us an email at support@portswigger.net

Matrix | Last updated: Feb 28, 2023 12:31PM UTC

I am analyzing http request from proxy on the fly as it goes , and grabbing the input_path and adding some custom modification to these input_paths like input_path/path1 input_path/path2 input_path/path3 .... .... inpout_path/path200 When i am seding modified http requests with these 200 paths the original requests waits for these new modified requests to get completed only then it is sent by burp. I want to send and complete the original request before the modified requests are sent. My code is clean and i am also using threading , it exactly looks like this ``` from burp import IBurpExtender, IHttpListener, IBurpExtenderCallbacks from java.io import PrintWriter from java.net import URL from threading import Thread import threading class BurpExtender(IBurpExtender, IHttpListener): def registerExtenderCallbacks(self, callbacks): self._callbacks = callbacks self._helpers = callbacks.getHelpers() callbacks.setExtensionName("Path Modifier") callbacks.registerHttpListener(self) def processHttpMessage(self, toolFlag, messageIsRequest, currentRequest): if messageIsRequest: if toolFlag == IBurpExtenderCallbacks.TOOL_PROXY or toolFlag == IBurpExtenderCallbacks.TOOL_REPEATER: # modified_path logic here for modified_request in modified_requests: self.send_request(currentRequest.getHttpService(),self._helpers.stringToBytes(modified_request)) def send_request(self, http_service, request_bytes): response = self._callbacks.makeHttpRequest(http_service, request_bytes) ``` Using this code , the original request is waiting for modified requests to complete first. And it is taking forever for original requests invoked from browser to complete. should i use some other built in function so this do not happen. any hints would be great. Thanks

Hannah, PortSwigger Agent | Last updated: Mar 02, 2023 10:45AM UTC

Hi You mention that you are using threading, would this be inside your modified_path_logic? If you perform your path logic and send the resulting requests in a separate, non-blocking thread, do you still have this issue?

Matrix | Last updated: Mar 02, 2023 06:03PM UTC

Yes i was using threading inside processHttpMessage function when creating modifed requests. What i had tried: I had tried both IHttpListener and IProxyListener interface with defined functions processProxyMessage and processHttpMessage. But they would wait for all threaded modified https requests to complete before original request/response could complete. How i solved it: I used doPassiveScan built in function in IScannerCheck to access original request and perform path logic and then send multiple modified requests without blocking/interfering with my original request/response time. I can then see my results in loggerPlusPlus. Thanks you for your suggestions anyway. =)

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.