Burp community forum

Scanner vs processHttpMessage (python)

Zoltan | Last updated: Nov 17, 2015 08:54AM UTC

Dear All,

I have the following processHttpMessage() function to modify the scanner requests and check SQLi:

    def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
        # only process requests
        if messageIsRequest and toolFlag == callbacks.TOOL_SCANNER:
            # choose the parameter type from the HTTP method
            if self._helpers.analyzeRequest(messageInfo.getRequest()).getMethod() == 'GET':
                method = IParameter.PARAM_URL
            else:
                method = IParameter.PARAM_BODY
            # take the file extension from the request path
            path = self._helpers.analyzeRequest(messageInfo).getUrl().getPath()
            if '.' in path:
                ext = path.split('.')[-1]
            else:
                ext = ''
            if (ext in ['cgi','pl']):
                parameters = self._helpers.analyzeRequest(messageInfo.getRequest()).getParameters()
                for parameter in parameters:
                    # prefix the existing value with a single quote
                    messageInfo.setRequest(self._helpers.updateParameter(messageInfo.getRequest(), self._helpers.buildParameter(parameter.getName(),"'"+parameter.getValue(),method)))
                    # add a second parameter with the same name and the value 2
                    newParam = self._helpers.buildParameter(parameter.getName(),'2',method)
                    messageInfo.setRequest(self._helpers.addParameter(messageInfo.getRequest(), newParam))
        return

My problem is the following: the scanner properly discovered the SQLi vulnerability, but the issue contains the wrong information (from before the modification):

Reported URL: /cgi-bin/a.cgi?user=root'%20and%20(select*from(select(sleep(20)))a)--%20
Expected URL: /cgi-bin/a.cgi?user='root'%20and%20(select*from(select(sleep(20)))a)--%20&user=2

How can I solve this problem? Can I send the modified request to the scanner engine? I would not like to write the whole SQLi detection in a new doActiveScan().

Thank you!

Burp User | Last updated: Nov 17, 2015 06:16PM UTC

Solved! Based on: http://blog.portswigger.net/2012/12/sample-burp-suite-extension-custom-scan.html
