Burp Suite User Forum

Multiple IMessageEditorTab

sourav | Last updated: Nov 15, 2023 07:59AM UTC

I am working on creating two IMessageEditorTabs, one for requests and the other for responses. I know that I could use just one IMessageEditorTab and check whether the message is a request or response inside it. However, I have completely different logic for both request and response and I would like to keep them separate. I tried using just one IMessageEditorTab and checking whether it was a request or response using the isRequest method. The only problem is that the getMessage method doesn't provide any way to detect whether it's a request or response message. So, I decided to create two separate IMessageEditorTabs. It worked fine as I wanted, but sometimes I only see one tab, either in the request or the response. For the same request in the proxy history, I can see the IMessageEditorTab for both the request and the response. However, when I send the same request to the repeater and have the same request and response, it still only shows one IMessageEditorTab. What I want is to check if the response or request is being edited within the IMessageEditorTab, or better ways to have two IMessageEditorTabs.

    from burp import IBurpExtender, IMessageEditorTabFactory, IMessageEditorController

    class BurpExtender(IBurpExtender, IMessageEditorTabFactory, IMessageEditorController):
        def registerExtenderCallbacks(self, callbacks):
            # keep a reference so the factories can read extender.callbacks
            self.callbacks = callbacks
            request_tab_factory = RequestFactory(self)
            response_tab_factory = ResponseFactory(self)
            # one factory per tab type
            callbacks.registerMessageEditorTabFactory(request_tab_factory)
            callbacks.registerMessageEditorTabFactory(response_tab_factory)

    class RequestFactory(IMessageEditorTabFactory):
        def __init__(self, extender):
            self.extender = extender
            self.callbacks = self.extender.callbacks

        def createNewInstance(self, controller, editable):
            # requesttab is the request-side IMessageEditorTab class (not shown)
            return requesttab(self.extender, controller, editable)

    class ResponseFactory(IMessageEditorTabFactory):
        def __init__(self, extender):
            self.extender = extender
            self.callbacks = self.extender.callbacks

        def createNewInstance(self, controller, editable):
            # responsetab is the response-side IMessageEditorTab class (not shown)
            return responsetab(self.extender, controller, editable)

Hannah, PortSwigger Agent | Last updated: Nov 15, 2023 02:57PM UTC

Hi,

Burp calls the "setMessage()" function and passes in the "isRequest" flag. You can use this to determine if the message in question is a request or response. After setting that you can use that flag to determine the UI components that are returned.

If you're using the Montoya API, then these additional editor tabs are split out into request and response tabs from the outset. You can check this out in this example: https://github.com/PortSwigger/burp-extensions-montoya-api-examples/tree/main/customrequesteditortab

sourav | Last updated: Nov 16, 2023 05:51AM UTC

I have used the same "setMessage" method with "isRequest" to verify it. I am trying to use the "isRequest" flag within the "getMessage" function.

    def getMessage(self):
        if self._txtInput.isTextModified():

I want to check if the modified text is from a request or response.

    from burp import IMessageEditorTab

    class MessageCustomTab(IMessageEditorTab):
        def __init__(self, extender, controller, editable):
            self._extender = extender
            self._editable = editable
            self._txtInput = extender._callbacks.createTextEditor()
            self._txtInput.setEditable(editable)

        def getUiComponent(self):
            return self._txtInput.getComponent()

        def isEnabled(self, content, isRequest):
            return True

        def setMessage(self, content, isRequest):
            if isRequest:
                request = self._extender.helpers.analyzeRequest(content)
                # setText() takes the raw message bytes, not the IRequestInfo object
                self._txtInput.setText(content)
            else:
                response = self._extender.helpers.analyzeResponse(content)
                # setText() takes the raw message bytes, not the IResponseInfo object
                self._txtInput.setText(content)
            self._currentMessage = content

        def getMessage(self):
            if self._txtInput.isTextModified():
                # need to know here whether the edited text is a request or a response
                pass
            else:
                return self._currentMessage

Hannah, PortSwigger Agent | Last updated: Nov 16, 2023 10:05AM UTC

Thanks for clarifying!

Any time the message editor is changed, setMessage() is called.

If you assign isRequest to a field that gets updated with the new value every time setRequest() is called, then you can use that field to determine whether the message is a request or not when getRequest(), or any other function, is called.

Please let me know if you need any further clarification.
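
The approach described in the reply above, as an added example that is not part of the original thread or PortSwigger's code: the tab stores the isRequest flag each time Burp calls setMessage() and branches on it in getMessage(). The class name DirectionAwareTab, the rebuild_request/rebuild_response hooks and the fallback base class used outside Burp are assumptions made for illustration.

```python
try:
    from burp import IMessageEditorTab   # present inside Burp's Jython runtime
except ImportError:
    IMessageEditorTab = object           # assumption: stand-in so the class loads outside Burp


class DirectionAwareTab(IMessageEditorTab):
    """One tab class for both panes; it remembers which kind of message it holds."""

    def __init__(self, callbacks, controller, editable):
        # Burp calls createNewInstance() once per message editor, so this
        # state belongs to a single request pane or a single response pane.
        self._editor = callbacks.createTextEditor()
        self._editor.setEditable(editable)
        self._current = None
        self._is_request = None          # unknown until Burp calls setMessage()

    def getTabCaption(self):
        return "Custom"

    def getUiComponent(self):
        return self._editor.getComponent()

    def isEnabled(self, content, isRequest):
        return True

    def setMessage(self, content, isRequest):
        # The flag is only passed here, so store it for the later callbacks.
        self._is_request = isRequest
        self._current = content
        self._editor.setText(content)    # content is None when the pane is cleared

    def getMessage(self):
        if not self._editor.isTextModified():
            return self._current
        edited = self._editor.getText()
        # Separate logic per direction, selected by the stored flag.
        if self._is_request:
            return self.rebuild_request(edited)
        return self.rebuild_response(edited)

    def isModified(self):
        return self._editor.isTextModified()

    def getSelectedData(self):
        return self._editor.getSelectedText()

    # Hypothetical hooks: request-only and response-only handling goes here.
    def rebuild_request(self, edited):
        return edited

    def rebuild_response(self, edited):
        return edited
```

A single factory whose createNewInstance() returns DirectionAwareTab(callbacks, controller, editable) is enough to register it for both panes.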