Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

getSelectionBounds() function return wrong indexes when message contains Chinese

bit4woo | Last updated: Apr 17, 2020 02:15PM UTC

I try to get selected content with function "getSelectionBounds()". but I found it return wrong indexes when message contains Chinese, and Chinese is in front of the selected. here is the code of test: source = message.getResponse(); int[] selectedIndex = invocation.getSelectionBounds(); int selectedLength = selectedIndex[1]-selectedIndex[0]; byte[] selectedBytes = new byte[selectedLength]; System.arraycopy(source, selectedIndex[0], selectedBytes, 0, selectedLength); String selectedUrl = new String(selectedBytes); stdout.println("selected content"); stdout.println(selectedUrl); you can test with this URL https://intl.sf-express.com/ in the response, I want to select: https://www.sf-express.com/.galleries/favicon.ico but got: l="shortcut icon" href="https://www.sf-express.co it seems that the indexes move front.

bit4woo | Last updated: Apr 17, 2020 02:26PM UTC

some screen shot of the bug, you can download it for more information https://send.firefox.com/download/e465b1d152fcf8c5/#qMbn4RiqhdT8P6-A2nCV7w

Hannah, PortSwigger Agent | Last updated: Apr 17, 2020 03:16PM UTC

Do you see the same issue when there are not Chinese (or other multibyte characters) characters present?

Micheal | Last updated: Jun 08, 2023 07:03PM UTC

I found this same issue with my Jython extension. Without multibyte characters, the extension worked as expected. With multibyte characters, the extension worked as expected when selecting before the multibyte character, and off-by-x for each extra byte before the selection. As a work-around in Jython, you can call `.tostring()` on the response byte array, like so: ```python source = message.getResponse().tostring() # now the indices should work selectedIndex = invocation.getSelectionBounds() selectedUrl = source[selectedIndex[0]:selectedIndex[1]] print("selected content"); print(selectedUrl); ``` I'm unsure how well this would port to Java, though.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.