Burp Suite User Forum

Login to post

Order of operations for interoperability between two extensions

toobz | Last updated: Apr 27, 2022 09:55PM UTC

Hey there! I've got two custom extensions. One does a host redirect, and the other adds a custom cookie. I am running into an interesting problem that maybe obvious but I am not sure why. On the host redirect extension, I am using the following to build the request: ------------------------------------------------------------------------ messageInfo.setHttpService(self._helpers.buildHttpService(HOST_TO, httpService.getPort(), httpService.getProtocol())) ------------------------------------------------------------------------ And for the cookie addition, I am using the following to build the request: ------------------------------------------------------------------------ httpRequest = self._callbacks.getHelpers().buildHttpMessage(headers, body) messageInfo.setRequest(httpRequest) ------------------------------------------------------------------------ I am not able to leverage the new redirect hostname in the second extension where I add the header. Is this expected? Am I missing something or should be doing this differently?

toobz | Last updated: Apr 27, 2022 10:06PM UTC

I already tried to mimic the second extension by replacing the Host header but that does not work at all.

Hannah, PortSwigger Agent | Last updated: Apr 28, 2022 08:57AM UTC

Hi The order that extensions are loaded has an effect on how they interact - that's why you can move extensions up and down in your loaded extensions list. Are you certain that both extensions are attempting to modify the same object? When you say you tried to mimic the second extension, could you explain a bit more about how you tried to do that?

toobz | Last updated: Apr 28, 2022 03:55PM UTC

Hey Hannah, I experimented with the order of loading and no change. Can you confirm the order? (i.e. Are they are loaded top to bottom?) One is modifying the Host, one is modifying the Cookie header specifically. Both are operating on requests but they are using different objects to do the work. One is using the builtHTTPService, the other is using the builtHTTPMessage (Cookie header). So instead of using the buildHTTPService to override the host (example here: https://github.com/PortSwigger/example-traffic-redirector/blob/master/python/TrafficRedirector.py) I used the buildHTTPMessage to delete and override the Host header (which did not work and failed every request, predictably.) Are there other variable or some way to grab the outgoing HTTP URL or Host that I missing? Every variation I have pulls the host before the redirection happens from the other extension.

toobz | Last updated: Apr 28, 2022 04:05PM UTC

Disregard the load order question. Found this blurb in the documentation: "The order that extensions are shown is the order in which any registered listeners and other extension resources will be invoked."

toobz | Last updated: Apr 28, 2022 04:14PM UTC

Ah okay so looks like the load order was the issue. Thank you for helping me figure that out. So follow up question (which sparked this question to begin with). Are you able to make another HTTP request with specific headers within another request being modified?

Hannah, PortSwigger Agent | Last updated: Apr 29, 2022 09:14AM UTC

Glad to hear changing the load order helped! Are you still referring to chaining modifications to an existing HTTP request, or making a completely separate HTTP request to the original one? If the latter, you can use the function IBurpExtenderCallbacks.makeHttpRequest() to send an HTTP request. With that, you can provide any content that you would like.

toobz | Last updated: Apr 29, 2022 02:48PM UTC

Making a completely separate HTTP request to the original one, however still within the same extension. Am I able to use that makeHttpRequest() twice, one within another? Even with different paths/headers/cookies?

Hannah, PortSwigger Agent | Last updated: May 03, 2022 08:37AM UTC

Hi makeHttpRequest() will issue a specific request, and return an object that has both the sent request and the response received. You can specify whatever path/headers/cookies you want when building the request to be sent. You can find the Extender API documentation online here: https://portswigger.net/burp/extender/api/

You need to Log in to post a reply. Or register here, for free.