Burp Suite User Forum

Login to post

Extension to get the position of markers

dh0ck | Last updated: Feb 01, 2021 04:18PM UTC

Hi, I'm trying to create a python extension that retrieves the list of markers from the request that is currently on the Positions tab in Intruder. I know I need to use the getRequestMarkers() method at some point, but I can't figure out how. I can access the IHttpRequestResponse object of all requests in Proxy History, but I'm not sure how they relate to the one sent to Intruder. If the markers have already been applied, then the IHttpRequestResponse object automatically becomes of the type IHrrpRequestResponseWithMarkers? Alternatively it would be enough for me to use the method use by Intruder to determine where the markers should be placed, but I wasn't able to find such a method in the API. I appreciate any tips on how to approach this issue, as I couldn't find much documentation or examples that help me understand this. Thanks!

Hannah, PortSwigger Agent | Last updated: Feb 03, 2021 03:24PM UTC

Hi Could you provide some more details on what you're wanting to do with the list of markers? Have you tried looking at any extensions that may have this functionality? All BApp Store extensions have their code publicly available on GitHub - https://github.com/PortSwigger

dh0ck | Last updated: Feb 05, 2021 11:12AM UTC

Hello, Thank you for your answer. Sometimes I need to use intruder for requests with LOTS of Post parameters and cookies (sometimes over a hundred), and intruder gives the "index" of the parameter it just replaced with a payload, but in these cases it's inconvenient to search in the modified request what parameter was replaced in each case. As far as I know, Intruder does not provide in the result table the name of the parameter it has replaced with a payload, only its "index" (in the "Payload" column of said table). My idea was to create an extension that finds the name of all parameters to whose value the markers have been applied in the Positions tab in Intruder. And then, when right clicking on each row in the Intruder results table a new entry in the context menu would "convert" that parameter index to the parameter name and show it. Or something along those lines. I have made some progress since my initial post, and now I can retrieve the marker positions of a message to which I have applied markers myself. So what is left is to access the IHttpRequestResponseWithMarkers object that is used by Intruder, with all the markers applied. This is where I'm stuck now. I would appreciate any suggestions on how to get this object. I have also found the getText() method of the ITextEditor message. Does it return the markers? Maybe I can try in this way for the message box in the Intruder Positions tab. Thanks again!

Hannah, PortSwigger Agent | Last updated: Feb 08, 2021 02:50PM UTC

Hi Nothing I could find in the Extender API mentioned returning any IHttpRequestResponseWithMarkers items, other than IBurpExtenderCallbacks.applyMarkers(). IIntruderAttack.getRequestTemplate() returns a byte array with the request template - if this includes the $$ signs to denote parameters, it may be helpful. Alternatively, when you run a scan (audit), that should use the same insertion points to those automatically detected by Intruder. It's not quite the same, as it's using the scanner tool rather than intruder, but you could implement the IScannerInsertionPoint class to retrieve details about the parameters during a scan (doActiveScan() and doPassiveScan() )?

dh0ck | Last updated: Feb 09, 2021 12:00PM UTC

Thanks! I'll try your suggestions. If I make it work somehow I'll share here how. Regards!

dh0ck | Last updated: Feb 09, 2021 12:00PM UTC

Thanks! I'll try your suggestions. If I make it work somehow I'll share here how. Regards!

dh0ck | Last updated: Feb 10, 2021 10:51AM UTC

I'm having troubles calling IIntruderAttack.getRequestTemplate(), if I don't pass any argument there is this error: TypeError: getRequestTemplate(): expected 1 args; got 0 But if I pass any argument (either a message object or anything, really, a number, a string) it always gives this other error: TypeError: getRequestTemplate(): self arg can't be coerced to burp.IIntruderAttack From the method description in the API I think no arguments are necessary, but seems like it needs something. I tried this after launching an intruder attack also, but nothing changed. Any idea what can be the issue? I can't find any extension using this feature. Sorry for all the questions, and thanks again!

Hannah, PortSwigger Agent | Last updated: Feb 11, 2021 12:19PM UTC

Hi! I've had a look through our forked repo's on the PortSwigger GitHub, and there's only one extension I could spot that uses the getRequestTemplate function. Unfortunately, it's written in Ruby rather than in Python, so there are some syntax differences but it may help: https://github.com/tduehr/buby/blob/f7b254fe65cd1579a8be973e7752f4041d005a72/lib/buby/implants/intruder_attack.rb It looks like you may have to register an IIntruderPayloadGeneratorFactory to be able to use this - it takes an IIntruderAttack as an argument in there. Apologies if you've already tried this.

You need to Log in to post a reply. Or register here, for free.