Burp Suite User Forum

Login to post

Java extension Development: Determine if Request was edited

Pol | Last updated: Sep 02, 2021 12:59PM UTC

Hi, I'm developing a Burp Suite extension in Java, based on the "Custom logger" example here: https://portswigger.net/burp/extender#SampleExtensions I'd like to know how I can determine if a Request received by my logger was edited using the Proxy (i.e. on-the-fly edit, not Repeater). Thank you for any help.

Hannah, PortSwigger Agent | Last updated: Sep 02, 2021 01:20PM UTC

Hi Are you using the IHttpListener interface? If so, processHttpMessage() has a toolflag integer passed through that you could use to identify where the request came from. IBurpExtenderCallbacks.getToolName() will provide you with the name of the tool for the given toolflag int.

Pol | Last updated: Sep 02, 2021 01:45PM UTC

Hi Hannah, thanks for the quick reply. I am using IHttpListener, and I use getToolName() to get "Proxy", but I'd like to know if the request went through Proxy and was also modified on the way. If we go to Proxy -> HTTP history, the list of requests displays the columns "Params" and "Edited", and they are checked if the request contains Parameters and if the Request was modified by the Proxy tool. These are the fields that interest me and I'd also like to display in my extension's logger.

Hannah, PortSwigger Agent | Last updated: Sep 03, 2021 01:52PM UTC

Hi It doesn't look like it is possible to retrieve the information on whether a request has been edited or not. I can't find a relevant method in the Extender API for you and looking at other logging extensions like Flow and Logger++, they do not display this information (I'm sure if they could, they would). I could put this functionality in as a feature request. However, we would not be able to provide a timeframe for when this would be implemented.

Pol | Last updated: Sep 04, 2021 12:14PM UTC

Thank you Hannah. Yes, I'd definitely like this as a feature request.

Hannah, PortSwigger Agent | Last updated: Sep 06, 2021 10:59AM UTC

Thanks Pol, we've put that forward to the team!

You need to Log in to post a reply. Or register here, for free.