Burp Suite User Forum

Create new post

IMessageEditorTab only for scope URL

sourav | Last updated: Dec 26, 2022 07:04PM UTC

I am trying to add a custom tab for requests using IMessageEditorTabFactory and IMessageEditorTab in python. I am trying to get details of the request and check if the URL is in scope or not and it shows a tab for the scope URL. I am able to analyse the request like get method or header, but if I try to use geturl I get an error "java.lang.UnsupportedOperationException: This IRequestInfo object was created without any HTTP service details, so the full request URL is not available. To obtain the full URL, use one of the other overloaded methods in IExtensionHelpers to analyze the request." the same code is able to get the HTTP method, Header and all the details but gives an error to get the URL. ``` def isEnabled(self, content, isRequest): if isRequest: request = self._extender.helpers.analyzeRequest(content) self._extender.callbacks.printOutput(str(request.getHeaders())) self._extender.callbacks.printOutput(str(request.getMethod())) self._extender.callbacks.printOutput(str(request.getUrl())) return True ```

Liam, PortSwigger Agent | Last updated: Dec 27, 2022 10:42AM UTC

Thanks for your message, Sourav. Is the purpose of the new tab to check if the URL is in scope?

sourav | Last updated: Dec 27, 2022 01:30PM UTC

The extension will perform some security checks on the request body in background and will show the output in request tab which also allow users to modified add custom checks for the script. Since the task will check for vulnerabilities using manual and automation i only want to enabled this tab is url is in scope.

Liam, PortSwigger Agent | Last updated: Dec 28, 2022 02:42PM UTC

Which version of Burp are you using? Which tool is being used to generate the request? You need to pass in the service to work around this exception. You can get the service from the IMessageEditorController: - https://portswigger.net/burp/extender/api/burp/imessageeditorcontroller.html

sourav | Last updated: Dec 28, 2022 03:01PM UTC

The code is using IMessageEditorTab and not sure if I can use IMessageEditorController to get the request. I want to get the scope URL of the currently displayed request in repeater or proxy intercept or proxy history. If it's in scope then only I want to show my extension tab near raw, pretty hex etc. You can verify the same from the below example extension from portswigger itself. I want the ```def isEnabled``` only if the URL is in scope. But I am not able to get the URL for the current request. https://github.com/PortSwigger/example-custom-editor-tab/blob/master/python/CustomEditorTab.py

sourav | Last updated: Dec 28, 2022 03:23PM UTC

I have tried to get the scope URL for the demo extension as well. https://github.com/PortSwigger/example-custom-editor-tab/blob/master/python/CustomEditorTab.py Modified code - https://replit.com/@SouravKalal/BurpCustomEditorTab#main.py The modified code is unable to get the full URL and port. The IMessageEditorTab is unable to get details from IHttpService

Hannah, PortSwigger Agent | Last updated: Jan 04, 2023 04:03PM UTC


In order to retrieve the URL, you will need to use analyzeRequest(IHttpService httpService, byte[] request) rather than analyzeRequest(byte[] request).

You can retrieve the service for the request using controller.getHttpService(). Please be aware that the controller may be null, so you will need to put in appropriate error handling.

Please let us know how you get on!

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.