Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Extension for applying intruder markers

Ander | Last updated: Feb 15, 2017 01:03AM UTC

We are developing and extension to reduce the number of parameters that should be tested (because they are already protected by our security tool). Is it possible to modify default markers for Intruder so that the parameters that we are protecting are not highlighted?

PortSwigger Agent | Last updated: Feb 15, 2017 09:21AM UTC

Yes. There is an overloaded version of sendToIntruder that lets you specify the offsets of the payload positions: https://portswigger.net/burp/extender/api/burp/IBurpExtenderCallbacks.html#sendToIntruder(java.lang.String,%20int,%20boolean,%20byte[],%20java.util.List)

Burp User | Last updated: Feb 15, 2017 06:21PM UTC

I see the method but I cannot find a way in which I can use it. I guess that I should implement IBurpExtenderCallbacks to override that function, but then, how should I register that new IBurpExtenderCallbacks back to be used in BURP?. As far as I understand IBurpExtender it only receives that object but I cannot see any option to register a modified object again

PortSwigger Agent | Last updated: Feb 16, 2017 08:44AM UTC

When your extension is loaded, Burp will call the extension's registerExtenderCallbacks() method and pass it an IBurpExtenderCallbacks object. Have a look at the sample extensions here if you are new to writing extensions: https://portswigger.net/burp/extender/

Burp User | Last updated: Feb 16, 2017 01:45PM UTC

Sorry, probably I did not explain it correctly. I have a running extension and therefore I've already created registerExtenderCallbacks() method. My intention is not send something to the intruder for example from doPassiveScan or something like that. What I would like to do is to override the default highlighting feature for every single time that a request is send to the intruder, i.e. when doing a right mouse click on target window on a request. Is it possible?

PortSwigger Agent | Last updated: Feb 16, 2017 03:07PM UTC

It isn't possible to override the default marker placement behavior. But your extension can register a custom context menu item (e.g. called "Send to Intruder with my markers"). In the handler for this menu item, you can get the request, calculate the position of the relevant markers, and call sendToIntruder. So in the UI, you'll just see an alternate way of sending to Intruder that does what you want.

Burp User | Last updated: Feb 16, 2017 04:27PM UTC

Ok, that works for me, I will try that. Thanks. The only missing piece them is that we would also like to be able to mark as disabled (or something similar) those requests that are not exploitable inside "Target" tab, is there any way to do that?, perhaps we could achieve that using registerHttpListener()?

PortSwigger Agent | Last updated: Feb 17, 2017 09:02AM UTC

You can use the comments or highlights feature for this purpose. These can be applied manually through the UI and programmatically through the API.

Burp User | Last updated: Feb 19, 2017 02:31PM UTC

Ok, good news I've already created a menu item to send a request to the Intruder with my custom highlights. That menu item is disabled when that request could not be attacked because it is completed protected by our software. But the bad news are that I tried to include "messageInfo.setHighlight("green");" using registerHttpListener() but it is not working as expected. I'm able to see that message in the selected color in "Proxy->Http History" view, but in "Target" view I don't see any color. Am I doing something wrong or it is not possible to change the color of the items inside target? Thanks for your help anyway

Burp User | Last updated: Feb 19, 2017 03:02PM UTC

I found one possible solution but it is not perfect, If I do this: this.callbacks.registerHttpListener(new IHttpListener() { @Override public void processHttpMessage(final int toolFlag, final boolean messageIsRequest, final IHttpRequestResponse messageInfo) { if (!hdivProtected(messageInfo)) { messageInfo.setHighlight("red"); messageInfo.setComment("Not Protected"); } callbacks.addToSiteMap(messageInfo); } }); And I activate "show only commented items" filter in "Target" view, I'm able to see the attackable URLs but I would prefer to see if there is any better solution. Strangely I'm able to see the comment (when I use addToSiteMap) but I cannot see the highlight color

PortSwigger Agent | Last updated: Feb 20, 2017 09:13AM UTC

Highlights and comments are tied to items in the Proxy history and site map independently. If you apply them to an item in one place, they don't automatically carry over to the corresponding item in the other place. If you want the logic that applies comments to be triggered by the Proxy, then you could use the API to retrieve the relevant item from the site map, and apply the comment to that: https://portswigger.net/burp/extender/api/burp/IBurpExtenderCallbacks.html#getSiteMap(java.lang.String)

Burp User | Last updated: Feb 21, 2017 09:59AM UTC

I don't completely understand your answer sorry, currently I'm able to see the comment I insert inside siteMap, however highlight is not working as expected (it should be red): messageInfo.setHighlight("red"); messageInfo.setComment("Not Protected"); Is highlight property ignored by siteMap?

PortSwigger Agent | Last updated: Feb 21, 2017 10:04AM UTC

Ok, thanks. This looks like an oversight in that highlights are not being processed in the call to addToSiteMap(). We'll get this fixed.

PortSwigger Agent | Last updated: Feb 28, 2017 02:09PM UTC

Just to let you know that we've fixed this problem in today's release (1.7.18). Thanks again for your feedback, and please let us know if you run into any other problems.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.