Burp Suite User Forum

Login to post

IMessageEditor does not show markers

Jason | Last updated: Sep 23, 2019 01:58AM UTC

When I set up a marked request or response for a IMessageEditor instance, it does not appear to be honored. The editor loads the message okay, but there aren't any markers on it. So if I do something like this: int[] markers = {1,10}; List<int[]> requestMarkers = new ArrayList<>(); requestMarkers.add(markers); markedRequestResponse = callbacks.applyMarkers(requestResponse, requestMarkers, responseMarkers); requestEditor = callbacks.createMessageEditor(this, false); requestEditor.setMessage(markedRequestResponse.getRequest(), true); Is this because markers aren't implemented yet in IMessageEditor or am I missing something? If this isn't feasible, do you think you could come up with an interface that would get me access to the JTextArea (or whatever component) has the Raw tab text in it so I can create a selected text area? Currently I'm building from scratch and using a selection caret to mark locations (in Paramalyzer).

Mike, PortSwigger Agent | Last updated: Sep 24, 2019 10:32AM UTC

Hi Jason, Markers should be implemented in IMessageEditor. When you retrieve the data after calling @markedRequestResponse.getRequest()@ can you convert it to a string and confirm that markers are present at the specified indexes?

Lukas | Last updated: Jun 25, 2020 07:04PM UTC

Dear PortSwigger Team I am having the same issue as described above. The method callbacks.applyMarkers does not add markers and consequently, they are not displayed in IMessageEditor. I am using Burp Suite v2020.5 and v2020.5.1 with Python. Below you’ll find a PoC extension, which should reproduce the problem. While loading the extension, it iterates through all request/response items of the proxy history and applies markers to all HTTP request headers 'Host'. At the end of the script, the PoC compares the contents of the original request and the updated request containing the markers. In my tests, the string comparison showed that these two requests are the same, and therefore, the message “Applied markers” (see last line) was never printed to stdout. Based on this observation, I conclude that method applyMarkers did not do anything and just returned the original request/response item. Can you tell me what’s wrong? Thanks a lot and cheers Lukas PoC Extension from burp import IBurpExtender from jarray import array import re class BurpExtender(IBurpExtender): def __init__(self): self._callbacks = None self._helpers = None self._regex = re.compile("^Host: .*$", re.IGNORECASE | re.MULTILINE) def registerExtenderCallbacks(self, callbacks): self._callbacks = callbacks self._helpers = callbacks.getHelpers() self.iterate() def iterate(self): for message_info in self._callbacks.getProxyHistory(): markers = [] # Start and end positions of HTTP request header 'Host' for item in self._regex.finditer(self._helpers.bytesToString(message_info.getRequest())): marker = array([item.start(), item.end()], 'i') markers.append(marker) # If at least one HTTP request header 'Host' exists, then apply markers and perform comparison if markers: message_info_with_markers = self._callbacks.applyMarkers(message_info, markers, None) message_info_with_markers_content = self._helpers.bytesToString(message_info_with_markers.getRequest()) message_info_content = self._helpers.bytesToString(message_info.getRequest()) print("markers: {0}".format(markers)) if message_info_with_markers_content != message_info_content: print("applied markers")

Uthman, PortSwigger Agent | Last updated: Jun 26, 2020 09:16AM UTC

Hi Lukas, Can you provide more information on the first part of your post? "While loading the extension, it iterates through all request/response items of the proxy history and applies markers to all HTTP request headers 'Host'." I am not seeing the behavior you describe above. Also, you have not implemented the IMessageEditor at all from what I can see in the code you have provided. Have you considered implementing a separate IMessageEditorTab that allows the markers to be applied to requests within that tab? You may find it beneficial to look at the code for published extensions here: - https://github.com/PortSwigger?q=&type=&language=python

Lukas | Last updated: Jul 06, 2020 06:44PM UTC

Hey Uthman Thank you very much for your fast response. I checked your above mentioned link (https://github.com/PortSwigger?q=&type=&language=python) but I am still not able to display markers in an IMessageEditor component. As a proof of my observation, I updated my above mentioned proof of concept (PoC) code. The updated version you'll find at the end of this message. The updated PoC code implements the ITab interface (see tab 'No Markers'), which just contains an IMessageEditor object. If you load the extension in Burp Suite by checking the 'Loaded' check box in tab 'Extender'/'Extensions', then the method 'iterate' is automatically executed. This method searches for the first request in the proxy history that contains the HTTP request header 'Host' and highlights this header using method callbacks.applyMarkers. Afterwards, it sets the IMessageEditor component to this newly created request (which contains the markers) as well as adds a new scan issue 'HTTP Request Header Host' containing this newly created request to Burp Suite's issues activity list (tab 'Dashboard'). By comparing the newly created request in the issues list with the request in the IMessageEditor component, you'll see that the scan issue displays the added marker(s) while the IMessageEditor object does not. PortSwigger's initial response (see above) states that "Markers should be implemented in IMessageEditor." but by using my PoC code, it actually does not. Can you verify and provide feedback. Thanks a lot for your help. Cheers Lukas # Begin PoC code import sys import re from burp import IBurpExtender from burp import ITab from burp import IScanIssue from java import awt from javax import swing from array import array class BurpExtender(IBurpExtender, ITab): def registerExtenderCallbacks(self, callbacks): sys.stdout = callbacks.getStdout() self.regex = re.compile("^Host: .*$", re.IGNORECASE | re.MULTILINE) self.callbacks = callbacks self.helpers = callbacks.getHelpers() self.callbacks.setExtensionName("Test") self.tab = swing.JPanel(awt.BorderLayout()) self.editor = callbacks.createMessageEditor(None, False) self.tab.add(self.editor.getComponent()) callbacks.addSuiteTab(self) self.iterate() def getTabCaption(self): return "No Markers" def getUiComponent(self): return self.tab def iterate(self): """ Iterate through the HTTP Proxy history and add the first request that contains an HTTP Request Header 'Host' to the Burp Suite's Issue List as well as display it in the IMessageEditor component in tab 'Test' """ for message_info in self.callbacks.getProxyHistory(): markers = [] # Start and end positions of HTTP request header 'Host' for item in self.regex.finditer(self.helpers.bytesToString(message_info.getRequest())): marker = array('i', [item.start(), item.end()]) markers.append(marker) # If at least one HTTP request header 'Host' exists, then apply markers and perform comparison if markers: # Apply marker message_info_with_markers = self.callbacks.applyMarkers(message_info, markers, None) if message_info_with_markers: # Set the IMessageEditor component to the newly created request of the newly created # IHttpRequestResponseWithMarkers object # Note: The IMessageEditor won't contain the newly created markers self.editor.setMessage(message_info_with_markers.getRequest(), True) # Add the scan issue to Burp Suite's issues list # Note: The issues list contains the markers self.callbacks.addScanIssue(CustomScanIssue( message_info.getHttpService(), self.helpers.analyzeRequest(message_info).getUrl(), [message_info_with_markers], "HTTP Request Header Host", "The request contains HTTP Request Header Host", "Information")) break # # class implementing IScanIssue to hold our custom scan issue details # class CustomScanIssue (IScanIssue): def __init__(self, httpService, url, httpMessages, name, detail, severity): self._httpService = httpService self._url = url self._httpMessages = httpMessages self._name = name self._detail = detail self._severity = severity def getUrl(self): return self._url def getIssueName(self): return self._name def getIssueType(self): return 0 def getSeverity(self): return self._severity def getConfidence(self): return "Certain" def getIssueBackground(self): pass def getRemediationBackground(self): pass def getIssueDetail(self): return self._detail def getRemediationDetail(self): pass def getHttpMessages(self): return self._httpMessages def getHttpService(self): return self._httpService # End PoC code

Hannah, PortSwigger Agent | Last updated: Jul 09, 2020 07:59AM UTC

Hi Lukas Could you please email us at support@portswigger.net with a copy of your POC extension, or provide a link to GitHub? There is no indentation on the copy you've sent, and whilst I've tried putting it back in, I've been getting parsing errors from Jython. Cheers!

You need to Log in to post a reply. Or register here, for free.