【PoRE#0x03】Burp Extension

官方教程：Creating Burp extensions - PortSwigger
Montoya官方文档：MontoyaApi
Montoya官方示例：PortSwigger/burp-extensions-montoya-api-examples: Examples for using the Montoya API with Burp Suite

Burp Suite过去插件开发使用的是Extender API，不过最近推出了一套新的API（今年1月刚刚发布），叫做Montoya API。新的API增加了Burp Suite插件开发的简便性，但是似乎并不完善，还有一些接口没有实现的样子。

对于Lab4中的任务，也就是自动处理HTTP包的插件，可以参考这个例子：burp-extensions-montoya-api-examples/proxyhandler/src/main/java/example/proxyhandler at main · PortSwigger/burp-extensions-montoya-api-examples

public class Ext implements BurpExtension {

    @Override
    public void initialize(MontoyaApi api) {
        api.extension().setName("Lab4_Extension");

        Logging logging = api.logging();

        // write a message to our output stream
        logging.logToOutput("Hello output.");

        api.proxy().registerRequestHandler(new RequestHandler(logging));
        logging.logToOutput("Bind RequestHandler");
        api.proxy().registerResponseHandler(new RespondHandler(logging));
        logging.logToOutput("Bind RespondHandler");
    }
}

public class RequestHandler implements ProxyRequestHandler {
    private final Logging logging;
    RequestHandler(Logging logging) {
        this.logging = logging;
    }
    @Override
    public ProxyRequestReceivedAction handleRequestReceived(InterceptedRequest interceptedRequest) {

        logging.logToOutput("Request");
        logging.logToOutput("url " + interceptedRequest.url());
        logging.logToOutput("request " + interceptedRequest.bodyToString());

        // modify the request
        HttpRequest new_request = interceptedRequest;
        if (interceptedRequest.url().contains("login")) {
            logging.logToOutput("Login detected");
            new_request = interceptedRequest.withBody("msg=...");
        } else if (interceptedRequest.url().contains("buy")) {
            logging.logToOutput("Buy detected");
            new_request = interceptedRequest.withBody("msg=...");
        }

        return ProxyRequestReceivedAction.continueWith(new_request);
    }

    @Override
    public ProxyRequestToBeSentAction handleRequestToBeSent(InterceptedRequest interceptedRequest) {
        //Do nothing with the user modified request, continue as normal.
        return ProxyRequestToBeSentAction.continueWith(interceptedRequest);
    }
}

public class RespondHandler implements ProxyResponseHandler {
    private final Logging logging;
    RespondHandler(Logging logging) {
        this.logging = logging;
    }
    @Override
    public ProxyResponseReceivedAction handleResponseReceived(InterceptedResponse interceptedResponse) {
        logging.logToOutput("Response");
        logging.logToOutput("response " + interceptedResponse.bodyToString());

        // modify the response
        if (interceptedResponse.bodyToString().equals("...")) {
            return ProxyResponseReceivedAction.continueWith(interceptedResponse.withBody("..."));
        }
        return ProxyResponseReceivedAction.continueWith(interceptedResponse);
    }
    @Override
    public ProxyResponseToBeSentAction handleResponseToBeSent(InterceptedResponse interceptedResponse) {
        return ProxyResponseToBeSentAction.continueWith(interceptedResponse);
    }
}