Burp community forum

Setting proxy.MasterIntercept to 0

Amit | Last updated: Sep 16, 2015 06:22PM UTC

In order to do selective custom scanning area selection using active scanning using my extension, I am trying to set those values using the loadConfig().

To do this, I first set the following values to 'false':

scanner.testcommandinjection
scanner.testcommandinjectionblind
scanner.testcommandinjectioninformed
scanner.testCsrf
scanner.testheaderinjection
scanner.testheadermanipulation
scanner.testLDAPinjection
scanner.testpathtraversal
scanner.testredirection
scanner.testReflectedXSS
scanner.testremotefileinclusion
scanner.testserverissues
scanner.testserversidecodeinjection
scanner.testserversidetemplateinjection
scanner.testSQLinjection
scanner.testSQLinjectionboolean
scanner.testSQLinjectionerror
scanner.testSQLinjectionmssql
scanner.testSQLinjectionmysql
scanner.testSQLinjectionoracle
scanner.testSQLinjectiontime
scanner.teststoredXSS
scanner.testXMLSOAPinjection
scanner.testexternalinteraction

And then, based on my selection, I set the specific values to true.

However, I am noticing that when I do that, the proxy.MasterIntercept which is set to 0 (since I turned off proxy intercept), gets set to 1 automatically (i.e. proxy intercept gets enabled).

I tried to set it forcefully:

    Map<String, String> newConfig = new HashMap<String, String>();
    newConfig.put("proxy.MasterIntercept", "0");
    callbacks.loadConfig(newConfig);

But it's still not getting set to '0'.

Any suggestions on how to ensure this doesn't happen? Is this a bug? Should a defect be filed for it?

PortSwigger Agent | Last updated: Sep 17, 2015 02:27PM UTC

There is a specific API to control proxy interception, which is the best way to control this: https://portswigger.net/burp/extender/api/burp/IBurpExtenderCallbacks.html#setProxyInterceptionEnabled(boolean)

Burp User | Last updated: Sep 23, 2015 08:02PM UTC

We do not want to control Proxy Interception. We are trying to load specific values as mentioned:

scanner.testcommandinjection
scanner.testcommandinjectionblind
scanner.testcommandinjectioninformed
scanner.testCsrf
scanner.testheaderinjection
scanner.testheadermanipulation
scanner.testLDAPinjection
scanner.testpathtraversal
scanner.testredirection
scanner.testReflectedXSS
scanner.testremotefileinclusion
scanner.testserverissues
scanner.testserversidecodeinjection
scanner.testserversidetemplateinjection
scanner.testSQLinjection
scanner.testSQLinjectionboolean
scanner.testSQLinjectionerror
scanner.testSQLinjectionmssql
scanner.testSQLinjectionmysql
scanner.testSQLinjectionoracle
scanner.testSQLinjectiontime
scanner.teststoredXSS
scanner.testXMLSOAPinjection
scanner.testexternalinteraction

However, when we explicitly set these values using loadConfig(), we are noticing that the value for proxy.MasterIntercept is being set to 1. Not sure why we are seeing that. Is that a bug with the method?

Burp User | Last updated: Sep 23, 2015 09:16PM UTC

One more note: when I perform the loadConfig() operation, even my proxy port settings (I set it to listen on 8081) get reset to 8080. Can you please look into why all proxy settings are reverting back to default instead of current when loadconfig() is being performed?

PortSwigger Agent | Last updated: Sep 24, 2015 08:25AM UTC

The way the API works is that all settings revert to defaults if they are not set in the map. The way to do what you want is to first call saveConfig() to obtain a map of all existing settings. Then update that same map by calling put() in the way that you currently are. Then call loadConfig() to reload settings from the modified map. If you do this, then all settings will be the same as before, aside from the ones that you have modified.
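
The save, modify, reload sequence described in the reply above, as an added example that is not part of the original thread or PortSwigger's own code. It assumes the legacy Extender API (IBurpExtenderCallbacks) and that every scan-check toggle key starts with "scanner.test", as the keys listed in this thread do; the SELECTED set and the selectChecks helper are hypothetical names.

```java
package burp;

import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Set;

public class BurpExtender implements IBurpExtender {
    // Checks to leave enabled; key names are taken from the thread above.
    private static final Set<String> SELECTED = Set.of(
            "scanner.testSQLinjection", "scanner.testReflectedXSS");

    // Copy the full snapshot, then change only the scan-check flags.
    // Assumption: all scan-check toggles share the "scanner.test" prefix.
    static Map<String, String> selectChecks(Map<String, String> current, Set<String> enabled) {
        Map<String, String> updated = new HashMap<>(current);
        for (String key : current.keySet()) {
            if (key.startsWith("scanner.test")) {
                updated.put(key, enabled.contains(key) ? "true" : "false");
            }
        }
        return updated;
    }

    @Override
    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
        callbacks.setExtensionName("Selective scan checks (example)");

        // Snapshot every current setting so nothing falls back to defaults on reload.
        Map<String, String> before = callbacks.saveConfig();
        callbacks.loadConfig(selectChecks(before, SELECTED));

        // Verify that settings outside the scanner.test* flags survived the reload,
        // e.g. proxy.MasterIntercept and the proxy listener port.
        Map<String, String> after = callbacks.saveConfig();
        for (Map.Entry<String, String> e : before.entrySet()) {
            String key = e.getKey();
            if (!key.startsWith("scanner.test") && !Objects.equals(e.getValue(), after.get(key))) {
                callbacks.printError("Setting changed by reload: " + key);
            }
        }
        callbacks.printOutput("proxy.MasterIntercept = " + after.get("proxy.MasterIntercept"));
    }
}
```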
