Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Python extension works with new header but unable to replace existing header?

toobz | Last updated: Jan 20, 2022 03:34PM UTC

Hey all, I was wondering if I could have some help with this extension. I have been able to pull my existing Cookie header, as well as successfully modify it. However the modification anywhere. It does not appear in the Proxy history, or Logger or even Logger++. Below is my code for reference in Python. I have set it to output a before and after of the Cookie modification, which appears to be working. Are you able to assist to see what is wrong? Have I encountered a bug, or am I simply missing something in my implementation? --------------------------------- # Burp specific imports from burp import IBurpExtender from burp import IHttpListener from burp import IHttpRequestResponse from burp import IRequestInfo # For using the debugging tools from # https://github.com/securityMB/burp-exceptions from exceptions_fix import FixBurpExceptions class BurpExtender(IBurpExtender, IHttpListener): def registerExtenderCallbacks(self, callbacks): # keep a reference to our callbacks object self._callbacks = callbacks # obtain an extension helpers object self._helpers = callbacks.getHelpers() # set our extension name that will display in Extender > Output Tab self._callbacks.setExtensionName("Add Custom Cookie") # register an HTTP listener callbacks.registerHttpListener(self) # # implement IHttpListener # def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo): # only process requests if not messageIsRequest: return headers = list(self._helpers.analyzeRequest(messageInfo.getRequest()).getHeaders()) for header in headers: if header.strip().startswith("Cookie:"): print("Before: \n%s" % header) headers.remove(header) new_cookie = '; testcookie=testvalue' header += new_cookie print("After: \n%s" % header) request = messageInfo.getRequest() requestStr = self._helpers.bytesToString(request) requestParsed = self._helpers.analyzeRequest(request) body = requestStr[requestParsed.getBodyOffset():] get_final_headers = requestParsed.getHeaders() get_final_headers.add(header) httpRequest = self._helpers.buildHttpMessage(get_final_headers, body) messageInfo.setRequest(httpRequest) return try: FixBurpExceptions() except: pass ---------------------------------

toobz | Last updated: Jan 20, 2022 06:36PM UTC

I think I may have figured it out. I have included the working sample below. Need to do some more testing to ensure validity. --------------------------------- from burp import IBurpExtender from burp import IHttpListener from burp import IHttpRequestResponse from burp import IRequestInfo # For using the debugging tools from # https://github.com/securityMB/burp-exceptions from exceptions_fix import FixBurpExceptions # implement BurpExtender Class class BurpExtender(IBurpExtender, IHttpListener): # define registerExtenderCallbacks: From IBurpExtender Interface def registerExtenderCallbacks(self, callbacks): # keep a reference to our callbacks object self._callbacks = callbacks # obtain an extension helpers object self._helpers = callbacks.getHelpers() # set our extension name that will display in Extender > Output Tab self._callbacks.setExtensionName("Add Custom Cookie") # register an HTTP listener callbacks.registerHttpListener(self) # define processHttpMessage: From IHttpListener Interface def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo): # only work on requests: if messageIsRequest: request = messageInfo.getRequest() requestStr = self._callbacks.getHelpers().bytesToString(request) requestParsed = self._helpers.analyzeRequest(request) body = requestStr[requestParsed.getBodyOffset():] headers = requestParsed.getHeaders() for header in headers: if header.strip().lower().startswith("cookie:"): headers.remove(header) test_cookie = '; testcookie=testvalue' new_cookies = header + test_cookie print(new_cookies) break headers.add(new_cookies) httpRequest = self._callbacks.getHelpers().buildHttpMessage(headers, body) messageInfo.setRequest(httpRequest) return try: FixBurpExceptions() except: pass ---------------------------------

Hannah, PortSwigger Agent | Last updated: Jan 25, 2022 08:35AM UTC