Burp Suite User Forum

Login to post

Unable to edit the content headers

Syed | Last updated: Jun 25, 2019 01:14PM UTC

What is wrong in the below code ? I do not see the request getting edited as I don't find the 'Edited Request' tab at all: package burp; import java.io.PrintWriter; import java.util.List; public class BurpExtender implements IBurpExtender, IHttpListener, IProxyListener { // // implement IBurpExtender // private IExtensionHelpers helpers; PrintWriter stdout; @Override public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) { stdout = new PrintWriter(callbacks.getStdout(), true); helpers = callbacks.getHelpers(); callbacks.setExtensionName("Seccasts"); callbacks.registerHttpListener(this); } public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) { if(messageIsRequest) { IHttpService httpService = messageInfo.getHttpService(); String host = httpService.getHost(); if(host != null) { stdout.println(host); } } } @Override public void processProxyMessage(boolean messageIsRequest, IInterceptedProxyMessage message) { if(messageIsRequest) { IHttpRequestResponse messageInfo = message.getMessageInfo(); IRequestInfo rqInfo = helpers.analyzeRequest(messageInfo); List headers = rqInfo.getHeaders(); headers.add("Meer: This is the test"); String request = new String(messageInfo.getRequest()); String messageBody = request.substring(rqInfo.getBodyOffset()); byte[] updateMessage = helpers.buildHttpMessage(headers, messageBody.getBytes()); messageInfo.setRequest(updateMessage); } } }

PortSwigger Agent | Last updated: Jun 25, 2019 02:08PM UTC

I think your code will fail with an exception because headers is an immutable list. I recommend you run Burp from the command line so you can see exceptions from your extension on the console. You'll need to do something like: bc. List<String> headers = new ArrayList<String>(rqInfo.getHeaders());

Burp User | Last updated: Jun 29, 2019 12:25AM UTC

I am pretty sure that extensions' processHttpMessage method gets called after the request has already been sent and thus doesn't actually update the Burp UI (at least this is the behavior I have encountered with my extensions). If you use an upstream proxy or the Logger++ extension you should be able to see whether your extension actually did modify the headers.

You need to Log in to post a reply. Or register here, for free.