diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..412eeda
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,22 @@
+# Auto detect text files and perform LF normalization
+* text=auto
+
+# Custom for Visual Studio
+*.cs diff=csharp
+*.sln merge=union
+*.csproj merge=union
+*.vbproj merge=union
+*.fsproj merge=union
+*.dbproj merge=union
+
+# Standard to msysgit
+*.doc diff=astextplain
+*.DOC diff=astextplain
+*.docx diff=astextplain
+*.DOCX diff=astextplain
+*.dot diff=astextplain
+*.DOT diff=astextplain
+*.pdf diff=astextplain
+*.PDF diff=astextplain
+*.rtf diff=astextplain
+*.RTF diff=astextplain
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b9d6bd9
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,215 @@
+#################
+## Eclipse
+#################
+
+*.pydevproject
+.project
+.metadata
+bin/
+tmp/
+*.tmp
+*.bak
+*.swp
+*~.nib
+local.properties
+.classpath
+.settings/
+.loadpath
+
+# External tool builders
+.externalToolBuilders/
+
+# Locally stored "Eclipse launch configurations"
+*.launch
+
+# CDT-specific
+.cproject
+
+# PDT-specific
+.buildpath
+
+
+#################
+## Visual Studio
+#################
+
+## Ignore Visual Studio temporary files, build results, and
+## files generated by popular Visual Studio add-ons.
+
+# User-specific files
+*.suo
+*.user
+*.sln.docstates
+
+# Build results
+
+[Dd]ebug/
+[Rr]elease/
+x64/
+build/
+[Bb]in/
+[Oo]bj/
+
+# MSTest test Results
+[Tt]est[Rr]esult*/
+[Bb]uild[Ll]og.*
+
+*_i.c
+*_p.c
+*.ilk
+*.meta
+*.obj
+*.pch
+*.pdb
+*.pgc
+*.pgd
+*.rsp
+*.sbr
+*.tlb
+*.tli
+*.tlh
+*.tmp
+*.tmp_proj
+*.log
+*.vspscc
+*.vssscc
+.builds
+*.pidb
+*.log
+*.scc
+
+# Visual C++ cache files
+ipch/
+*.aps
+*.ncb
+*.opensdf
+*.sdf
+*.cachefile
+
+# Visual Studio profiler
+*.psess
+*.vsp
+*.vspx
+
+# Guidance Automation Toolkit
+*.gpState
+
+# ReSharper is a .NET coding add-in
+_ReSharper*/
+*.[Rr]e[Ss]harper
+
+# TeamCity is a build add-in
+_TeamCity*
+
+# DotCover is a Code Coverage Tool
+*.dotCover
+
+# NCrunch
+*.ncrunch*
+.*crunch*.local.xml
+
+# Installshield output folder
+[Ee]xpress/
+
+# DocProject is a documentation generator add-in
+DocProject/buildhelp/
+DocProject/Help/*.HxT
+DocProject/Help/*.HxC
+DocProject/Help/*.hhc
+DocProject/Help/*.hhk
+DocProject/Help/*.hhp
+DocProject/Help/Html2
+DocProject/Help/html
+
+# Click-Once directory
+publish/
+
+# Publish Web Output
+*.Publish.xml
+*.pubxml
+
+# NuGet Packages Directory
+## TODO: If you have NuGet Package Restore enabled, uncomment the next line
+#packages/
+
+# Windows Azure Build Output
+csx
+*.build.csdef
+
+# Windows Store app package directory
+AppPackages/
+
+# Others
+sql/
+*.Cache
+ClientBin/
+[Ss]tyle[Cc]op.*
+~$*
+*~
+*.dbmdl
+*.[Pp]ublish.xml
+*.pfx
+*.publishsettings
+
+# RIA/Silverlight projects
+Generated_Code/
+
+# Backup & report files from converting an old project file to a newer
+# Visual Studio version. Backup files are not needed, because we have git ;-)
+_UpgradeReport_Files/
+Backup*/
+UpgradeLog*.XML
+UpgradeLog*.htm
+
+# SQL Server files
+App_Data/*.mdf
+App_Data/*.ldf
+
+#############
+## Windows detritus
+#############
+
+# Windows image file caches
+Thumbs.db
+ehthumbs.db
+
+# Folder config file
+Desktop.ini
+
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+
+# Mac crap
+.DS_Store
+
+
+#############
+## Python
+#############
+
+*.py[co]
+
+# Packages
+*.egg
+*.egg-info
+dist/
+build/
+eggs/
+parts/
+var/
+sdist/
+develop-eggs/
+.installed.cfg
+
+# Installer logs
+pip-log.txt
+
+# Unit test / coverage reports
+.coverage
+.tox
+
+#Translations
+*.mo
+
+#Mr Developer
+.mr.developer.cfg
diff --git a/jsbeautifier/CHANGELOG b/jsbeautifier/CHANGELOG
new file mode 100644
index 0000000..77ce8b7
--- /dev/null
+++ b/jsbeautifier/CHANGELOG
@@ -0,0 +1,22 @@
+v 1.0
+=========================================================================
+- Works with the latest version of Burp Suite (tested on 1.5.21)
+- Automatic beautifying responses in all tabs
+- Ability of beautifying the headers
+- JSBeautifier Settings tab
+- Multiple bugs were fixed
+- Rhino library has been updated
+- Syntax highlighter library has been updated
+- Moved to GitHub
+- License changed to MIT
+
+v 0.1a
+=========================================================================
+- First version of extension with Java in GoogleCode
+- Automatic beautifying the responses in proxy
+- Manual beautifying the requests/responses
+- Supporting Burp suite scope
+- Mimicking exact behaviour of JSBeautifier.org website by using Rhino library
+- Supporting multiple file types (JS, CSS, HTML, and so on)
+- Detecting packers and obfuscators (based on JSBeautifier.org)
+- Syntax highlighter in the read-only editor by using Fifesoft RSyntaxTextArea library
\ No newline at end of file
diff --git a/jsbeautifier/build.xml b/jsbeautifier/build.xml
new file mode 100644
index 0000000..fb9bb45
--- /dev/null
+++ b/jsbeautifier/build.xml
@@ -0,0 +1,8 @@
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/jsbeautifier/jsbeautifier.jar b/jsbeautifier/jsbeautifier.jar
new file mode 100644
index 0000000..61c2ba1
Binary files /dev/null and b/jsbeautifier/jsbeautifier.jar differ
diff --git a/jsbeautifier/libs/js.jar b/jsbeautifier/libs/js.jar
new file mode 100644
index 0000000..6f0dafb
Binary files /dev/null and b/jsbeautifier/libs/js.jar differ
diff --git a/jsbeautifier/libs/rsyntaxtextarea.jar b/jsbeautifier/libs/rsyntaxtextarea.jar
new file mode 100644
index 0000000..6197b42
Binary files /dev/null and b/jsbeautifier/libs/rsyntaxtextarea.jar differ
diff --git a/jsbeautifier/src/burp/BurpExtender.java b/jsbeautifier/src/burp/BurpExtender.java
new file mode 100644
index 0000000..8d65362
--- /dev/null
+++ b/jsbeautifier/src/burp/BurpExtender.java
@@ -0,0 +1,104 @@
+package burp;
+
+import java.net.URL;
+import java.io.PrintWriter;
+import java.util.ArrayList;
+import java.util.List;
+import javax.swing.JMenuItem;
+
+
+public class BurpExtender implements IBurpExtender, IHttpListener,
+IExtensionStateListener, IContextMenuFactory
+{
+ public burp.IBurpExtenderCallbacks mCallbacks; // I will use this to keep the callbacks
+ private PrintWriter stdout;
+ private IExtensionHelpers helpers;
+
+ @Override
+ public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks)
+ {
+ // keep a reference to our callbacks object
+ this.mCallbacks = callbacks;
+ this.helpers = callbacks.getHelpers();
+ mCallbacks.setExtensionName("JSBeautifier");
+
+ // obtain our output stream
+ stdout = new PrintWriter(mCallbacks.getStdout(), true);
+
+ // register ourselves as an HTTP listener
+ mCallbacks.registerHttpListener(this);
+
+ // register ourselves as an extension state listener
+ mCallbacks.registerExtensionStateListener(this);
+
+ // add Beautifier to right-click menu
+ callbacks.registerContextMenuFactory(this);
+
+ // add JSBeautifier settings tab
+ mCallbacks.addSuiteTab(new burp.customGUI.PreferencesEditor());
+
+ stdout.println("Loading... "+burp.JSBeautifier.BeautifierPreferences.getAppInfo());
+ }
+
+
+ @Override
+ public void processHttpMessage(int toolFlag, boolean messageIsRequest,
+ IHttpRequestResponse messageInfo) {
+ // Loading automatic beautifier
+ String toolName = mCallbacks.getToolName(toolFlag);
+ toolName = toolName.toLowerCase();
+ if (!messageIsRequest && ((toolName.indexOf("proxy") > -1 && burp.JSBeautifier.BeautifierPreferences.isAutomaticInProxy()) || burp.JSBeautifier.BeautifierPreferences.isAutomaticInAll())){
+ try
+ {
+ URL uUrl = helpers.analyzeRequest(messageInfo).getUrl();
+
+ if(burp.JSBeautifier.BeautifierPreferences.isDebugMode())
+ stdout.println("Incoming URL: "+uUrl.toString());
+
+ // Check for the scope if it is restricted to scope
+ if (!burp.JSBeautifier.BeautifierPreferences.isRestrictedToScope() || mCallbacks.isInScope(uUrl))
+ {
+
+ IHttpRequestResponse[] newMessageInfo = new IHttpRequestResponse[1];
+ newMessageInfo[0] = messageInfo;
+ // Loading the beautifier functions
+ burp.JSBeautifier.JSBeautifierFunctions jsBeautifierFunctions = new burp.JSBeautifier.JSBeautifierFunctions(mCallbacks);
+
+ if(burp.JSBeautifier.BeautifierPreferences.isDebugMode())
+ stdout.println("Begin beautifying [In Scope]: "+uUrl.toString());
+
+ jsBeautifierFunctions.beautifyIt(newMessageInfo,true,2); // Automatic mode
+
+ if(burp.JSBeautifier.BeautifierPreferences.isDebugMode())
+ stdout.println("End beautifying [In Scope]: "+uUrl.toString());
+ }
+ }
+ catch (Exception e)
+ {
+ e.printStackTrace();
+ }
+ }
+
+ }
+
+
+ @Override
+ public void extensionUnloaded()
+ {
+ stdout.println("Unloading... "+burp.JSBeautifier.BeautifierPreferences.getAppInfo());
+ }
+
+
+ @Override
+ public List createMenuItems(IContextMenuInvocation invocation) {
+ List menuItems = new ArrayList();
+ JMenuItem item = new JMenuItem(new burp.JSBeautifier.JSBeautifierManualMenu(mCallbacks, invocation, stdout));
+ menuItems.add(item);
+ return menuItems;
+ }
+
+ public static void main(String [] args){
+ System.out.println("Build Me");
+ }
+}
+
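Review bot: The catch block in `processHttpMessage` calls `e.printStackTrace()`, which writes to the JVM's stderr rather than the extension's error stream. A failure while beautifying a response in automatic mode is therefore probably not shown in Burp's Extender UI, and the tester has no indication of whether the response in front of them was rewritten or left as received. Keep a second writer next to `stdout`, `stderr = new PrintWriter(mCallbacks.getStderr(), true);`, and report with `e.printStackTrace(stderr);`. In the same method the tool check `toolName.indexOf("proxy") > -1` matches on the tool's display name; comparing the flag directly, `toolFlag == IBurpExtenderCallbacks.TOOL_PROXY`, is exact and removes the `toLowerCase()` call.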
diff --git a/jsbeautifier/src/burp/IBurpExtender.java b/jsbeautifier/src/burp/IBurpExtender.java
new file mode 100644
index 0000000..ff6ad12
--- /dev/null
+++ b/jsbeautifier/src/burp/IBurpExtender.java
@@ -0,0 +1,31 @@
+package burp;
+
+/*
+ * @(#)IBurpExtender.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+/**
+ * All extensions must implement this interface.
+ *
+ * Implementations must be called BurpExtender, in the package burp, must be
+ * declared public, and must provide a default (public, no-argument)
+ * constructor.
+ */
+public interface IBurpExtender
+{
+ /**
+ * This method is invoked when the extension is loaded. It registers an
+ * instance of the
+ * IBurpExtenderCallbacks
interface, providing methods that may
+ * be invoked by the extension to perform various actions.
+ *
+ * @param callbacks An
+ * IBurpExtenderCallbacks
object.
+ */
+ void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks);
+}
diff --git a/jsbeautifier/src/burp/IBurpExtenderCallbacks.java b/jsbeautifier/src/burp/IBurpExtenderCallbacks.java
new file mode 100644
index 0000000..f43f046
--- /dev/null
+++ b/jsbeautifier/src/burp/IBurpExtenderCallbacks.java
@@ -0,0 +1,800 @@
+package burp;
+
+/*
+ * @(#)IBurpExtenderCallbacks.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+import java.awt.Component;
+import java.io.OutputStream;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * This interface is used by Burp Suite to pass to extensions a set of callback
+ * methods that can be used by extensions to perform various actions within
+ * Burp.
+ *
+ * When an extension is loaded, Burp invokes its
+ * registerExtenderCallbacks()
method and passes an instance of the
+ * IBurpExtenderCallbacks
interface. The extension may then invoke
+ * the methods of this interface as required in order to extend Burp's
+ * functionality.
+ */
+public interface IBurpExtenderCallbacks
+{
+ /**
+ * Flag used to identify Burp Suite as a whole.
+ */
+ static final int TOOL_SUITE = 0x00000001;
+ /**
+ * Flag used to identify the Burp Target tool.
+ */
+ static final int TOOL_TARGET = 0x00000002;
+ /**
+ * Flag used to identify the Burp Proxy tool.
+ */
+ static final int TOOL_PROXY = 0x00000004;
+ /**
+ * Flag used to identify the Burp Spider tool.
+ */
+ static final int TOOL_SPIDER = 0x00000008;
+ /**
+ * Flag used to identify the Burp Scanner tool.
+ */
+ static final int TOOL_SCANNER = 0x00000010;
+ /**
+ * Flag used to identify the Burp Intruder tool.
+ */
+ static final int TOOL_INTRUDER = 0x00000020;
+ /**
+ * Flag used to identify the Burp Repeater tool.
+ */
+ static final int TOOL_REPEATER = 0x00000040;
+ /**
+ * Flag used to identify the Burp Sequencer tool.
+ */
+ static final int TOOL_SEQUENCER = 0x00000080;
+ /**
+ * Flag used to identify the Burp Decoder tool.
+ */
+ static final int TOOL_DECODER = 0x00000100;
+ /**
+ * Flag used to identify the Burp Comparer tool.
+ */
+ static final int TOOL_COMPARER = 0x00000200;
+ /**
+ * Flag used to identify the Burp Extender tool.
+ */
+ static final int TOOL_EXTENDER = 0x00000400;
+
+ /**
+ * This method is used to set the display name for the current extension,
+ * which will be displayed within the user interface for the Extender tool.
+ *
+ * @param name The extension name.
+ */
+ void setExtensionName(String name);
+
+ /**
+ * This method is used to obtain an
+ * IExtensionHelpers
object, which can be used by the extension
+ * to perform numerous useful tasks.
+ *
+ * @return An object containing numerous helper methods, for tasks such as
+ * building and analyzing HTTP requests.
+ */
+ IExtensionHelpers getHelpers();
+
+ /**
+ * This method is used to obtain the current extension's standard output
+ * stream. Extensions should write all output to this stream, allowing the
+ * Burp user to configure how that output is handled from within the UI.
+ *
+ * @return The extension's standard output stream.
+ */
+ OutputStream getStdout();
+
+ /**
+ * This method is used to obtain the current extension's standard error
+ * stream. Extensions should write all error messages to this stream,
+ * allowing the Burp user to configure how that output is handled from
+ * within the UI.
+ *
+ * @return The extension's standard error stream.
+ */
+ OutputStream getStderr();
+
+ /**
+ * This method is used to register a listener which will be notified of
+ * changes to the extension's state. Note: Any extensions that start
+ * background threads or open system resources (such as files or database
+ * connections) should register a listener and terminate threads / close
+ * resources when the extension is unloaded.
+ *
+ * @param listener An object created by the extension that implements the
+ * IExtensionStateListener
interface.
+ */
+ void registerExtensionStateListener(IExtensionStateListener listener);
+
+ /**
+ * This method is used to register a listener which will be notified of
+ * requests and responses made by any Burp tool. Extensions can perform
+ * custom analysis or modification of these messages by registering an HTTP
+ * listener.
+ *
+ * @param listener An object created by the extension that implements the
+ * IHttpListener
interface.
+ */
+ void registerHttpListener(IHttpListener listener);
+
+ /**
+ * This method is used to register a listener which will be notified of
+ * requests and responses being processed by the Proxy tool. Extensions can
+ * perform custom analysis or modification of these messages, and control
+ * in-UI message interception, by registering a proxy listener.
+ *
+ * @param listener An object created by the extension that implements the
+ * IProxyListener
interface.
+ */
+ void registerProxyListener(IProxyListener listener);
+
+ /**
+ * This method is used to register a listener which will be notified of new
+ * issues that are reported by the Scanner tool. Extensions can perform
+ * custom analysis or logging of Scanner issues by registering a Scanner
+ * listener.
+ *
+ * @param listener An object created by the extension that implements the
+ * IScannerListener
interface.
+ */
+ void registerScannerListener(IScannerListener listener);
+
+ /**
+ * This method is used to register a listener which will be notified of
+ * changes to Burp's suite-wide target scope.
+ *
+ * @param listener An object created by the extension that implements the
+ * IScopeChangeListener
interface.
+ */
+ void registerScopeChangeListener(IScopeChangeListener listener);
+
+ /**
+ * This method is used to register a factory for custom context menu items.
+ * When the user invokes a context menu anywhere within Burp, the factory
+ * will be passed details of the invocation event, and asked to provide any
+ * custom context menu items that should be shown.
+ *
+ * @param factory An object created by the extension that implements the
+ * IContextMenuFactory
interface.
+ */
+ void registerContextMenuFactory(IContextMenuFactory factory);
+
+ /**
+ * This method is used to register a factory for custom message editor tabs.
+ * For each message editor that already exists, or is subsequently created,
+ * within Burp, the factory will be asked to provide a new instance of an
+ * IMessageEditorTab
object, which can provide custom rendering
+ * or editing of HTTP messages.
+ *
+ * @param factory An object created by the extension that implements the
+ * IMessageEditorTabFactory
interface.
+ */
+ void registerMessageEditorTabFactory(IMessageEditorTabFactory factory);
+
+ /**
+ * This method is used to register a provider of Scanner insertion points.
+ * For each base request that is actively scanned, Burp will ask the
+ * provider to provide any custom scanner insertion points that are
+ * appropriate for the request.
+ *
+ * @param provider An object created by the extension that implements the
+ * IScannerInsertionPointProvider
interface.
+ */
+ void registerScannerInsertionPointProvider(
+ IScannerInsertionPointProvider provider);
+
+ /**
+ * This method is used to register a custom Scanner check. When performing
+ * scanning, Burp will ask the check to perform active or passive scanning
+ * on the base request, and report any Scanner issues that are identified.
+ *
+ * @param check An object created by the extension that implements the
+ * IScannerCheck
interface.
+ */
+ void registerScannerCheck(IScannerCheck check);
+
+ /**
+ * This method is used to register a factory for Intruder payloads. Each
+ * registered factory will be available within the Intruder UI for the user
+ * to select as the payload source for an attack. When this is selected, the
+ * factory will be asked to provide a new instance of an
+ * IIntruderPayloadGenerator
object, which will be used to
+ * generate payloads for the attack.
+ *
+ * @param factory An object created by the extension that implements the
+ * IIntruderPayloadGeneratorFactory
interface.
+ */
+ void registerIntruderPayloadGeneratorFactory(
+ IIntruderPayloadGeneratorFactory factory);
+
+ /**
+ * This method is used to register a custom Intruder payload processor. Each
+ * registered processor will be available within the Intruder UI for the
+ * user to select as the action for a payload processing rule.
+ *
+ * @param processor An object created by the extension that implements the
+ * IIntruderPayloadProcessor
interface.
+ */
+ void registerIntruderPayloadProcessor(IIntruderPayloadProcessor processor);
+
+ /**
+ * This method is used to register a custom session handling action. Each
+ * registered action will be available within the session handling rule UI
+ * for the user to select as a rule action. Users can choose to invoke an
+ * action directly in its own right, or following execution of a macro.
+ *
+ * @param action An object created by the extension that implements the
+ * ISessionHandlingAction
interface.
+ */
+ void registerSessionHandlingAction(ISessionHandlingAction action);
+
+ /**
+ * This method is used to unload the extension from Burp Suite.
+ */
+ void unloadExtension();
+
+ /**
+ * This method is used to add a custom tab to the main Burp Suite window.
+ *
+ * @param tab An object created by the extension that implements the
+ * ITab
interface.
+ */
+ void addSuiteTab(ITab tab);
+
+ /**
+ * This method is used to remove a previously-added tab from the main Burp
+ * Suite window.
+ *
+ * @param tab An object created by the extension that implements the
+ * ITab
interface.
+ */
+ void removeSuiteTab(ITab tab);
+
+ /**
+ * This method is used to customize UI components in line with Burp's UI
+ * style, including font size, colors, table line spacing, etc.
+ *
+ * @param component The UI component to be customized.
+ */
+ void customizeUiComponent(Component component);
+
+ /**
+ * This method is used to create a new instance of Burp's HTTP message
+ * editor, for the extension to use in its own UI.
+ *
+ * @param controller An object created by the extension that implements the
+ * IMessageEditorController
interface. This parameter is
+ * optional and may be null
. If it is provided, then the
+ * message editor will query the controller when required to obtain details
+ * about the currently displayed message, including the
+ * IHttpService
for the message, and the associated request or
+ * response message. If a controller is not provided, then the message
+ * editor will not support context menu actions, such as sending requests to
+ * other Burp tools.
+ * @param editable Indicates whether the editor created should be editable,
+ * or used only for message viewing.
+ * @return An object that implements the IMessageEditor
+ * interface, and which the extension can use in its own UI.
+ */
+ IMessageEditor createMessageEditor(IMessageEditorController controller,
+ boolean editable);
+
+ /**
+ * This method returns the command line arguments that were passed to Burp
+ * on startup.
+ *
+ * @return The command line arguments that were passed to Burp on startup.
+ */
+ String[] getCommandLineArguments();
+
+ /**
+ * This method is used to save configuration settings for the extension in a
+ * persistent way that survives reloads of the extension and of Burp Suite.
+ * Saved settings can be retrieved using the method
+ * loadExtensionSetting()
.
+ *
+ * @param name The name of the setting.
+ * @param value The value of the setting. If this value is null
+ * then any existing setting with the specified name will be removed.
+ */
+ void saveExtensionSetting(String name, String value);
+
+ /**
+ * This method is used to load configuration settings for the extension that
+ * were saved using the method
+ * saveExtensionSetting()
.
+ *
+ * @param name The name of the setting.
+ * @return The value of the setting, or null
if no value is
+ * set.
+ */
+ String loadExtensionSetting(String name);
+
+ /**
+ * This method is used to create a new instance of Burp's plain text editor,
+ * for the extension to use in its own UI.
+ *
+ * @return An object that implements the ITextEditor
interface,
+ * and which the extension can use in its own UI.
+ */
+ ITextEditor createTextEditor();
+
+ /**
+ * This method can be used to send an HTTP request to the Burp Repeater
+ * tool. The request will be displayed in the user interface, but will not
+ * be issued until the user initiates this action.
+ *
+ * @param host The hostname of the remote HTTP server.
+ * @param port The port of the remote HTTP server.
+ * @param useHttps Flags whether the protocol is HTTPS or HTTP.
+ * @param request The full HTTP request.
+ * @param tabCaption An optional caption which will appear on the Repeater
+ * tab containing the request. If this value is null
then a
+ * default tab index will be displayed.
+ */
+ void sendToRepeater(
+ String host,
+ int port,
+ boolean useHttps,
+ byte[] request,
+ String tabCaption);
+
+ /**
+ * This method can be used to send an HTTP request to the Burp Intruder
+ * tool. The request will be displayed in the user interface, and markers
+ * for attack payloads will be placed into default locations within the
+ * request.
+ *
+ * @param host The hostname of the remote HTTP server.
+ * @param port The port of the remote HTTP server.
+ * @param useHttps Flags whether the protocol is HTTPS or HTTP.
+ * @param request The full HTTP request.
+ */
+ void sendToIntruder(
+ String host,
+ int port,
+ boolean useHttps,
+ byte[] request);
+
+ /**
+ * This method can be used to send an HTTP request to the Burp Intruder
+ * tool. The request will be displayed in the user interface, and markers
+ * for attack payloads will be placed into the specified locations within
+ * the request.
+ *
+ * @param host The hostname of the remote HTTP server.
+ * @param port The port of the remote HTTP server.
+ * @param useHttps Flags whether the protocol is HTTPS or HTTP.
+ * @param request The full HTTP request.
+ * @param payloadPositionOffsets A list of index pairs representing the
+ * payload positions to be used. Each item in the list must be an int[2]
+ * array containing the start and end offsets for the payload position.
+ */
+ void sendToIntruder(
+ String host,
+ int port,
+ boolean useHttps,
+ byte[] request,
+ List payloadPositionOffsets);
+
+ /**
+ * This method can be used to send a seed URL to the Burp Spider tool. If
+ * the URL is not within the current Spider scope, the user will be asked if
+ * they wish to add the URL to the scope. If the Spider is not currently
+ * running, it will be started. The seed URL will be requested, and the
+ * Spider will process the application's response in the normal way.
+ *
+ * @param url The new seed URL to begin spidering from.
+ */
+ void sendToSpider(
+ java.net.URL url);
+
+ /**
+ * This method can be used to send an HTTP request to the Burp Scanner tool
+ * to perform an active vulnerability scan. If the request is not within the
+ * current active scanning scope, the user will be asked if they wish to
+ * proceed with the scan.
+ *
+ * @param host The hostname of the remote HTTP server.
+ * @param port The port of the remote HTTP server.
+ * @param useHttps Flags whether the protocol is HTTPS or HTTP.
+ * @param request The full HTTP request.
+ * @return The resulting scan queue item.
+ */
+ IScanQueueItem doActiveScan(
+ String host,
+ int port,
+ boolean useHttps,
+ byte[] request);
+
+ /**
+ * This method can be used to send an HTTP request to the Burp Scanner tool
+ * to perform an active vulnerability scan, based on a custom list of
+ * insertion points that are to be scanned. If the request is not within the
+ * current active scanning scope, the user will be asked if they wish to
+ * proceed with the scan.
+ *
+ * @param host The hostname of the remote HTTP server.
+ * @param port The port of the remote HTTP server.
+ * @param useHttps Flags whether the protocol is HTTPS or HTTP.
+ * @param request The full HTTP request.
+ * @param insertionPointOffsets A list of index pairs representing the
+ * positions of the insertion points that should be scanned. Each item in
+ * the list must be an int[2] array containing the start and end offsets for
+ * the insertion point.
+ * @return The resulting scan queue item.
+ */
+ IScanQueueItem doActiveScan(
+ String host,
+ int port,
+ boolean useHttps,
+ byte[] request,
+ List insertionPointOffsets);
+
+ /**
+ * This method can be used to send an HTTP request to the Burp Scanner tool
+ * to perform a passive vulnerability scan.
+ *
+ * @param host The hostname of the remote HTTP server.
+ * @param port The port of the remote HTTP server.
+ * @param useHttps Flags whether the protocol is HTTPS or HTTP.
+ * @param request The full HTTP request.
+ * @param response The full HTTP response.
+ */
+ void doPassiveScan(
+ String host,
+ int port,
+ boolean useHttps,
+ byte[] request,
+ byte[] response);
+
+ /**
+ * This method can be used to issue HTTP requests and retrieve their
+ * responses.
+ *
+ * @param httpService The HTTP service to which the request should be sent.
+ * @param request The full HTTP request.
+ * @return An object that implements the IHttpRequestResponse
+ * interface, and which the extension can query to obtain the details of the
+ * response.
+ */
+ IHttpRequestResponse makeHttpRequest(IHttpService httpService,
+ byte[] request);
+
+ /**
+ * This method can be used to issue HTTP requests and retrieve their
+ * responses.
+ *
+ * @param host The hostname of the remote HTTP server.
+ * @param port The port of the remote HTTP server.
+ * @param useHttps Flags whether the protocol is HTTPS or HTTP.
+ * @param request The full HTTP request.
+ * @return The full response retrieved from the remote server.
+ */
+ byte[] makeHttpRequest(
+ String host,
+ int port,
+ boolean useHttps,
+ byte[] request);
+
+ /**
+ * This method can be used to query whether a specified URL is within the
+ * current Suite-wide scope.
+ *
+ * @param url The URL to query.
+ * @return Returns true
if the URL is within the current
+ * Suite-wide scope.
+ */
+ boolean isInScope(java.net.URL url);
+
+ /**
+ * This method can be used to include the specified URL in the Suite-wide
+ * scope.
+ *
+ * @param url The URL to include in the Suite-wide scope.
+ */
+ void includeInScope(java.net.URL url);
+
+ /**
+ * This method can be used to exclude the specified URL from the Suite-wide
+ * scope.
+ *
+ * @param url The URL to exclude from the Suite-wide scope.
+ */
+ void excludeFromScope(java.net.URL url);
+
+ /**
+ * This method can be used to display a specified message in the Burp Suite
+ * alerts tab.
+ *
+ * @param message The alert message to display.
+ */
+ void issueAlert(String message);
+
+ /**
+ * This method returns details of all items in the Proxy history.
+ *
+ * @return The contents of the Proxy history.
+ */
+ IHttpRequestResponse[] getProxyHistory();
+
+ /**
+ * This method returns details of items in the site map.
+ *
+ * @param urlPrefix This parameter can be used to specify a URL prefix, in
+ * order to extract a specific subset of the site map. The method performs a
+ * simple case-sensitive text match, returning all site map items whose URL
+ * begins with the specified prefix. If this parameter is null, the entire
+ * site map is returned.
+ *
+ * @return Details of items in the site map.
+ */
+ IHttpRequestResponse[] getSiteMap(String urlPrefix);
+
+ /**
+ * This method returns all of the current scan issues for URLs matching the
+ * specified literal prefix.
+ *
+ * @param urlPrefix This parameter can be used to specify a URL prefix, in
+ * order to extract a specific subset of scan issues. The method performs a
+ * simple case-sensitive text match, returning all scan issues whose URL
+ * begins with the specified prefix. If this parameter is null, all issues
+ * are returned.
+ * @return Details of the scan issues.
+ */
+ IScanIssue[] getScanIssues(String urlPrefix);
+
+ /**
+ * This method is used to generate a report for the specified Scanner
+ * issues. The report format can be specified. For all other reporting
+ * options, the default settings that appear in the reporting UI wizard are
+ * used.
+ *
+ * @param format The format to be used in the report. Accepted values are
+ * HTML and XML.
+ * @param issues The Scanner issues to be reported.
+ * @param file The file to which the report will be saved.
+ */
+ void generateScanReport(String format, IScanIssue[] issues, java.io.File file);
+
+ /**
+ * This method is used to retrieve the contents of Burp's session handling
+ * cookie jar. Extensions that provide an
+ * ISessionHandlingAction
can query and update the cookie jar
+ * in order to handle unusual session handling mechanisms.
+ *
+ * @return A list of ICookie
objects representing the contents
+ * of Burp's session handling cookie jar.
+ */
+ List getCookieJarContents();
+
+ /**
+ * This method is used to update the contents of Burp's session handling
+ * cookie jar. Extensions that provide an
+ * ISessionHandlingAction
can query and update the cookie jar
+ * in order to handle unusual session handling mechanisms.
+ *
+ * @param cookie An ICookie
object containing details of the
+ * cookie to be updated. If the cookie jar already contains a cookie that
+ * matches the specified domain and name, then that cookie will be updated
+ * with the new value and expiration, unless the new value is
+ * null
, in which case the cookie will be removed. If the
+ * cookie jar does not already contain a cookie that matches the specified
+ * domain and name, then the cookie will be added.
+ */
+ void updateCookieJar(ICookie cookie);
+
+ /**
+ * This method can be used to add an item to Burp's site map with the
+ * specified request/response details. This will overwrite the details of
+ * any existing matching item in the site map.
+ *
+ * @param item Details of the item to be added to the site map
+ */
+ void addToSiteMap(IHttpRequestResponse item);
+
+ /**
+ * This method can be used to restore Burp's state from a specified saved
+ * state file. This method blocks until the restore operation is completed,
+ * and must not be called from the event dispatch thread.
+ *
+ * @param file The file containing Burp's saved state.
+ */
+ void restoreState(java.io.File file);
+
+ /**
+ * This method can be used to save Burp's state to a specified file. This
+ * method blocks until the save operation is completed, and must not be
+ * called from the event dispatch thread.
+ *
+ * @param file The file to save Burp's state in.
+ */
+ void saveState(java.io.File file);
+
+ /**
+ * This method causes Burp to save all of its current configuration as a Map
+ * of name/value Strings.
+ *
+ * @return A Map of name/value Strings reflecting Burp's current
+ * configuration.
+ */
+ Map saveConfig();
+
+ /**
+ * This method causes Burp to load a new configuration from the Map of
+ * name/value Strings provided. Any settings not specified in the Map will
+ * be restored to their default values. To selectively update only some
+ * settings and leave the rest unchanged, you should first call
+ * saveConfig()
to obtain Burp's current configuration, modify
+ * the relevant items in the Map, and then call
+ * loadConfig()
with the same Map.
+ *
+ * @param config A map of name/value Strings to use as Burp's new
+ * configuration.
+ */
+ void loadConfig(Map config);
+
+ /**
+ * This method sets the master interception mode for Burp Proxy.
+ *
+ * @param enabled Indicates whether interception of Proxy messages should be
+ * enabled.
+ */
+ void setProxyInterceptionEnabled(boolean enabled);
+
+ /**
+ * This method retrieves information about the version of Burp in which the
+ * extension is running. It can be used by extensions to dynamically adjust
+ * their behavior depending on the functionality and APIs supported by the
+ * current version.
+ *
+ * @return An array of Strings comprised of: the product name (e.g. Burp
+ * Suite Professional), the major version (e.g. 1.5), the minor version
+ * (e.g. 03)
+ */
+ String[] getBurpVersion();
+
+ /**
+ * This method can be used to shut down Burp programmatically, with an
+ * optional prompt to the user. If the method returns, the user canceled the
+ * shutdown prompt.
+ *
+ * @param promptUser Indicates whether to prompt the user to confirm the
+ * shutdown.
+ */
+ void exitSuite(boolean promptUser);
+
+ /**
+ * This method is used to create a temporary file on disk containing the
+ * provided data. Extensions can use temporary files for long-term storage
+ * of runtime data, avoiding the need to retain that data in memory.
+ *
+ * @param buffer The data to be saved to a temporary file.
+ * @return An object that implements the ITempFile
interface.
+ */
+ ITempFile saveToTempFile(byte[] buffer);
+
+ /**
+ * This method is used to save the request and response of an
+ * IHttpRequestResponse
object to temporary files, so that they
+ * are no longer held in memory. Extensions can used this method to convert
+ * IHttpRequestResponse
objects into a form suitable for
+ * long-term storage.
+ *
+ * @param httpRequestResponse The IHttpRequestResponse
object
+ * whose request and response messages are to be saved to temporary files.
+ * @return An object that implements the
+ * IHttpRequestResponsePersisted
interface.
+ */
+ IHttpRequestResponsePersisted saveBuffersToTempFiles(
+ IHttpRequestResponse httpRequestResponse);
+
+ /**
+ * This method is used to apply markers to an HTTP request or response, at
+ * offsets into the message that are relevant for some particular purpose.
+ * Markers are used in various situations, such as specifying Intruder
+ * payload positions, Scanner insertion points, and highlights in Scanner
+ * issues.
+ *
+ * @param httpRequestResponse The IHttpRequestResponse
object
+ * to which the markers should be applied.
+ * @param requestMarkers A list of index pairs representing the offsets of
+ * markers to be applied to the request message. Each item in the list must
+ * be an int[2] array containing the start and end offsets for the marker.
+ * The markers in the list should be in sequence and not overlapping. This
+ * parameter is optional and may be null
if no request markers
+ * are required.
+ * @param responseMarkers A list of index pairs representing the offsets of
+ * markers to be applied to the response message. Each item in the list must
+ * be an int[2] array containing the start and end offsets for the marker.
+ * The markers in the list should be in sequence and not overlapping. This
+ * parameter is optional and may be null
if no response markers
+ * are required.
+ * @return An object that implements the
+ * IHttpRequestResponseWithMarkers
interface.
+ */
+ IHttpRequestResponseWithMarkers applyMarkers(
+ IHttpRequestResponse httpRequestResponse,
+ List requestMarkers,
+ List responseMarkers);
+
+ /**
+ * This method is used to obtain the descriptive name for the Burp tool
+ * identified by the tool flag provided.
+ *
+ * @param toolFlag A flag identifying a Burp tool ( TOOL_PROXY
,
+ * TOOL_SCANNER
, etc.). Tool flags are defined within this
+ * interface.
+ * @return The descriptive name for the specified tool.
+ */
+ String getToolName(int toolFlag);
+
+ /**
+ * This method is used to register a new Scanner issue. Note:
+ * Wherever possible, extensions should implement custom Scanner checks
+ * using
+ * IScannerCheck
and report issues via those checks, so as to
+ * integrate with Burp's user-driven workflow, and ensure proper
+ * consolidation of duplicate reported issues. This method is only designed
+ * for tasks outside of the normal testing workflow, such as importing
+ * results from other scanning tools.
+ *
+ * @param issue An object created by the extension that implements the
+ * IScanIssue
interface.
+ */
+ void addScanIssue(IScanIssue issue);
+
+ /**
+ * This method parses the specified request and returns details of each
+ * request parameter.
+ *
+ * @param request The request to be parsed.
+ * @return An array of: String[] { name, value, type }
+ * containing details of the parameters contained within the request.
+ * @deprecated Use IExtensionHelpers.analyzeRequest()
instead.
+ */
+ @Deprecated
+ String[][] getParameters(byte[] request);
+
+ /**
+ * This method parses the specified request and returns details of each HTTP
+ * header.
+ *
+ * @param message The request to be parsed.
+ * @return An array of HTTP headers.
+ * @deprecated Use IExtensionHelpers.analyzeRequest()
or
+ * IExtensionHelpers.analyzeResponse()
instead.
+ */
+ @Deprecated
+ String[] getHeaders(byte[] message);
+
+ /**
+ * This method can be used to register a new menu item which will appear on
+ * the various context menus that are used throughout Burp Suite to handle
+ * user-driven actions.
+ *
+ * @param menuItemCaption The caption to be displayed on the menu item.
+ * @param menuItemHandler The handler to be invoked when the user clicks on
+ * the menu item.
+ * @deprecated Use registerContextMenuFactory()
instead.
+ */
+ @Deprecated
+ void registerMenuItem(
+ String menuItemCaption,
+ IMenuItemHandler menuItemHandler);
+}
diff --git a/jsbeautifier/src/burp/IContextMenuFactory.java b/jsbeautifier/src/burp/IContextMenuFactory.java
new file mode 100644
index 0000000..6edc628
--- /dev/null
+++ b/jsbeautifier/src/burp/IContextMenuFactory.java
@@ -0,0 +1,38 @@
+package burp;
+
+/*
+ * @(#)IContextMenuFactory.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+import java.util.List;
+import javax.swing.JMenuItem;
+
+/**
+ * Extensions can implement this interface and then call
+ * IBurpExtenderCallbacks.registerContextMenuFactory()
to register
+ * a factory for custom context menu items.
+ */
+public interface IContextMenuFactory
+{
+ /**
+ * This method will be called by Burp when the user invokes a context menu
+ * anywhere within Burp. The factory can then provide any custom context
+ * menu items that should be displayed in the context menu, based on the
+ * details of the menu invocation.
+ *
+ * @param invocation An object that implements the
+ * IMessageEditorTabFactory
interface, which the extension can
+ * query to obtain details of the context menu invocation.
+ * @return A list of custom menu items (which may include sub-menus,
+ * checkbox menu items, etc.) that should be displayed. Extensions may
+ * return
+ * null
from this method, to indicate that no menu items are
+ * required.
+ */
+ List createMenuItems(IContextMenuInvocation invocation);
+}
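Review bot: The `@param invocation` Javadoc on `createMenuItems` names the wrong type: it says the object implements `IMessageEditorTabFactory`, while the parameter is declared as `IContextMenuInvocation`. The sentence should read `@param invocation An object that implements the IContextMenuInvocation interface, which the extension can query to obtain details of the context menu invocation.` The file carries a PortSwigger copyright header, so it looks like a vendored copy of the Burp Extender API. If so, the correction is better taken from the upstream API files than edited locally, and the commit should record which API release these interfaces came from so later updates can be compared against it.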
diff --git a/jsbeautifier/src/burp/IContextMenuInvocation.java b/jsbeautifier/src/burp/IContextMenuInvocation.java
new file mode 100644
index 0000000..27f8553
--- /dev/null
+++ b/jsbeautifier/src/burp/IContextMenuInvocation.java
@@ -0,0 +1,156 @@
+package burp;
+
+/*
+ * @(#)IContextMenuInvocation.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+import java.awt.event.InputEvent;
+
+/**
+ * This interface is used when Burp calls into an extension-provided
+ * IContextMenuFactory
with details of a context menu invocation.
+ * The custom context menu factory can query this interface to obtain details of
+ * the invocation event, in order to determine what menu items should be
+ * displayed.
+ */
+public interface IContextMenuInvocation
+{
+ /**
+ * Used to indicate that the context menu is being invoked in a request
+ * editor.
+ */
+ static final byte CONTEXT_MESSAGE_EDITOR_REQUEST = 0;
+ /**
+ * Used to indicate that the context menu is being invoked in a response
+ * editor.
+ */
+ static final byte CONTEXT_MESSAGE_EDITOR_RESPONSE = 1;
+ /**
+ * Used to indicate that the context menu is being invoked in a non-editable
+ * request viewer.
+ */
+ static final byte CONTEXT_MESSAGE_VIEWER_REQUEST = 2;
+ /**
+ * Used to indicate that the context menu is being invoked in a non-editable
+ * response viewer.
+ */
+ static final byte CONTEXT_MESSAGE_VIEWER_RESPONSE = 3;
+ /**
+ * Used to indicate that the context menu is being invoked in the Target
+ * site map tree.
+ */
+ static final byte CONTEXT_TARGET_SITE_MAP_TREE = 4;
+ /**
+ * Used to indicate that the context menu is being invoked in the Target
+ * site map table.
+ */
+ static final byte CONTEXT_TARGET_SITE_MAP_TABLE = 5;
+ /**
+ * Used to indicate that the context menu is being invoked in the Proxy
+ * history.
+ */
+ static final byte CONTEXT_PROXY_HISTORY = 6;
+ /**
+ * Used to indicate that the context menu is being invoked in the Scanner
+ * results.
+ */
+ static final byte CONTEXT_SCANNER_RESULTS = 7;
+ /**
+ * Used to indicate that the context menu is being invoked in the Intruder
+ * payload positions editor.
+ */
+ static final byte CONTEXT_INTRUDER_PAYLOAD_POSITIONS = 8;
+ /**
+ * Used to indicate that the context menu is being invoked in an Intruder
+ * attack results.
+ */
+ static final byte CONTEXT_INTRUDER_ATTACK_RESULTS = 9;
+ /**
+ * Used to indicate that the context menu is being invoked in a search
+ * results window.
+ */
+ static final byte CONTEXT_SEARCH_RESULTS = 10;
+
+ /**
+ * This method can be used to retrieve the native Java input event that was
+ * the trigger for the context menu invocation.
+ *
+ * @return The InputEvent
that was the trigger for the context
+ * menu invocation.
+ */
+ InputEvent getInputEvent();
+
+ /**
+ * This method can be used to retrieve the Burp tool within which the
+ * context menu was invoked.
+ *
+ * @return A flag indicating the Burp tool within which the context menu was
+ * invoked. Burp tool flags are defined in the
+ * IBurpExtenderCallbacks
interface.
+ */
+ int getToolFlag();
+
+ /**
+ * This method can be used to retrieve the context within which the menu was
+ * invoked.
+ *
+ * @return An index indicating the context within which the menu was
+ * invoked. The indices used are defined within this interface.
+ */
+ byte getInvocationContext();
+
+ /**
+ * This method can be used to retrieve the bounds of the user's selection
+ * into the current message, if applicable.
+ *
+ * @return An int[2] array containing the start and end offsets of the
+ * user's selection in the current message. If the user has not made any
+ * selection in the current message, both offsets indicate the position of
+ * the caret within the editor. If the menu is not being invoked from a
+ * message editor, the method returns null
.
+ */
+ int[] getSelectionBounds();
+
+ /**
+ * This method can be used to retrieve details of the HTTP requests /
+ * responses that were shown or selected by the user when the context menu
+ * was invoked.
+ *
+ * Note: For performance reasons, the objects returned from this
+ * method are tied to the originating context of the messages within the
+ * Burp UI. For example, if a context menu is invoked on the Proxy intercept
+ * panel, then the
+ * IHttpRequestResponse
returned by this method will reflect
+ * the current contents of the interception panel, and this will change when
+ * the current message has been forwarded or dropped. If your extension
+ * needs to store details of the message for which the context menu has been
+ * invoked, then you should query those details from the
+ * IHttpRequestResponse
at the time of invocation, or you
+ * should use
+ * IBurpExtenderCallbacks.saveBuffersToTempFiles()
to create a
+ * persistent read-only copy of the
+ * IHttpRequestResponse
.
+ *
+ * @return An array of IHttpRequestResponse
objects
+ * representing the items that were shown or selected by the user when the
+ * context menu was invoked. This method returns null
if no
+ * messages are applicable to the invocation.
+ */
+ IHttpRequestResponse[] getSelectedMessages();
+
+ /**
+ * This method can be used to retrieve details of the Scanner issues that
+ * were selected by the user when the context menu was invoked.
+ *
+ * @return An array of IScanIssue
objects representing the
+ * issues that were selected by the user when the context menu was invoked.
+ * This method returns null
if no Scanner issues are applicable
+ * to the invocation.
+ */
+ IScanIssue[] getSelectedIssues();
+}
diff --git a/jsbeautifier/src/burp/ICookie.java b/jsbeautifier/src/burp/ICookie.java
new file mode 100644
index 0000000..4f1160e
--- /dev/null
+++ b/jsbeautifier/src/burp/ICookie.java
@@ -0,0 +1,53 @@
+package burp;
+
+/*
+ * @(#)ICookie.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+import java.util.Date;
+
+/**
+ * This interface is used to hold details about an HTTP cookie.
+ */
+public interface ICookie
+{
+ /**
+ * This method is used to retrieve the domain for which the cookie is in
+ * scope.
+ *
+ * @return The domain for which the cookie is in scope. Note: For
+ * cookies that have been analyzed from responses (by calling
+ * IExtensionHelpers.analyzeResponse()
and then
+ * IResponseInfo.getCookies()
, the domain will be
+ * null
if the response did not explicitly set a domain
+ * attribute for the cookie.
+ */
+ String getDomain();
+
+ /**
+ * This method is used to retrieve the expiration time for the cookie.
+ *
+ * @return The expiration time for the cookie, or
+ * null
if none is set (i.e., for non-persistent session
+ * cookies).
+ */
+ Date getExpiration();
+
+ /**
+ * This method is used to retrieve the name of the cookie.
+ *
+ * @return The name of the cookie.
+ */
+ String getName();
+
+ /**
+ * This method is used to retrieve the value of the cookie.
+ * @return The value of the cookie.
+ */
+ String getValue();
+}
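Review bot: `getDomain()` is documented to return `null` for cookies parsed from a response that set no domain attribute, but the comment does not say how callers should handle that value. `IBurpExtenderCallbacks.updateCookieJar()`, earlier in this diff, is documented to match cookies by domain and name, so an extension that passes a parsed cookie straight through would hand it a null domain. What Burp does in that case cannot be determined from this page. The Javadoc should either state that behaviour or tell the caller to supply the domain before updating the jar. The same comment opens a parenthesis at `(by calling` that is never closed.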
diff --git a/jsbeautifier/src/burp/IExtensionHelpers.java b/jsbeautifier/src/burp/IExtensionHelpers.java
new file mode 100644
index 0000000..58cd9fb
--- /dev/null
+++ b/jsbeautifier/src/burp/IExtensionHelpers.java
@@ -0,0 +1,352 @@
+package burp;
+
+/*
+ * @(#)IExtensionHelpers.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+import java.net.URL;
+import java.util.List;
+
+/**
+ * This interface contains a number of helper methods, which extensions can use
+ * to assist with various common tasks that arise for Burp extensions.
+ *
+ * Extensions can call
+ * IBurpExtenderCallbacks.getHelpers
to obtain an instance of this
+ * interface.
+ */
+public interface IExtensionHelpers
+{
+ /**
+ * This method can be used to analyze an HTTP request, and obtain various
+ * key details about it.
+ *
+ * @param request An
+ * IHttpRequestResponse
object containing the request to be
+ * analyzed.
+ * @return An
+ * IRequestInfo
object that can be queried to obtain details
+ * about the request.
+ */
+ IRequestInfo analyzeRequest(IHttpRequestResponse request);
+
+ /**
+ * This method can be used to analyze an HTTP request, and obtain various
+ * key details about it.
+ *
+ * @param httpService The HTTP service associated with the request. This is
+ * optional and may be
+ * null
, in which case the resulting
+ * IRequestInfo
object will not include the full request URL.
+ * @param request The request to be analyzed.
+ * @return An
+ * IRequestInfo
object that can be queried to obtain details
+ * about the request.
+ */
+ IRequestInfo analyzeRequest(IHttpService httpService, byte[] request);
+
+ /**
+ * This method can be used to analyze an HTTP request, and obtain various
+ * key details about it. The resulting
+ * IRequestInfo
object will not include the full request URL.
+ * To obtain the full URL, use one of the other overloaded
+ * analyzeRequest()
methods.
+ *
+ * @param request The request to be analyzed.
+ * @return An
+ * IRequestInfo
object that can be queried to obtain details
+ * about the request.
+ */
+ IRequestInfo analyzeRequest(byte[] request);
+
+ /**
+ * This method can be used to analyze an HTTP response, and obtain various
+ * key details about it.
+ *
+ * @param response The response to be analyzed.
+ * @return An
+ * IResponseInfo
object that can be queried to obtain details
+ * about the response.
+ */
+ IResponseInfo analyzeResponse(byte[] response);
+
+ /**
+ * This method can be used to retrieve details of a specified parameter
+ * within an HTTP request. Note: Use
+ * analyzeRequest()
to obtain details of all parameters within
+ * the request.
+ *
+ * @param request The request to be inspected for the specified parameter.
+ * @param parameterName The name of the parameter to retrieve.
+ * @return An
+ * IParameter
object that can be queried to obtain details
+ * about the parameter, or
+ * null
if the parameter was not found.
+ */
+ IParameter getRequestParameter(byte[] request, String parameterName);
+
+ /**
+ * This method can be used to URL-decode the specified data.
+ *
+ * @param data The data to be decoded.
+ * @return The decoded data.
+ */
+ String urlDecode(String data);
+
+ /**
+ * This method can be used to URL-encode the specified data. Any characters
+ * that do not need to be encoded within HTTP requests are not encoded.
+ *
+ * @param data The data to be encoded.
+ * @return The encoded data.
+ */
+ String urlEncode(String data);
+
+ /**
+ * This method can be used to URL-decode the specified data.
+ *
+ * @param data The data to be decoded.
+ * @return The decoded data.
+ */
+ byte[] urlDecode(byte[] data);
+
+ /**
+ * This method can be used to URL-encode the specified data. Any characters
+ * that do not need to be encoded within HTTP requests are not encoded.
+ *
+ * @param data The data to be encoded.
+ * @return The encoded data.
+ */
+ byte[] urlEncode(byte[] data);
+
+ /**
+ * This method can be used to Base64-decode the specified data.
+ *
+ * @param data The data to be decoded.
+ * @return The decoded data.
+ */
+ byte[] base64Decode(String data);
+
+ /**
+ * This method can be used to Base64-decode the specified data.
+ *
+ * @param data The data to be decoded.
+ * @return The decoded data.
+ */
+ byte[] base64Decode(byte[] data);
+
+ /**
+ * This method can be used to Base64-encode the specified data.
+ *
+ * @param data The data to be encoded.
+ * @return The encoded data.
+ */
+ String base64Encode(String data);
+
+ /**
+ * This method can be used to Base64-encode the specified data.
+ *
+ * @param data The data to be encoded.
+ * @return The encoded data.
+ */
+ String base64Encode(byte[] data);
+
+ /**
+ * This method can be used to convert data from String form into an array of
+ * bytes. The conversion does not reflect any particular character set, and
+ * a character with the hex representation 0xWXYZ will always be converted
+ * into a byte with the representation 0xYZ. It performs the opposite
+ * conversion to the method
+ * bytesToString()
, and byte-based data that is converted to a
+ * String and back again using these two methods is guaranteed to retain its
+ * integrity (which may not be the case with conversions that reflect a
+ * given character set).
+ *
+ * @param data The data to be converted.
+ * @return The converted data.
+ */
+ byte[] stringToBytes(String data);
+
+ /**
+ * This method can be used to convert data from an array of bytes into
+ * String form. The conversion does not reflect any particular character
+ * set, and a byte with the representation 0xYZ will always be converted
+ * into a character with the hex representation 0x00YZ. It performs the
+ * opposite conversion to the method
+ * stringToBytes()
, and byte-based data that is converted to a
+ * String and back again using these two methods is guaranteed to retain its
+ * integrity (which may not be the case with conversions that reflect a
+ * given character set).
+ *
+ * @param data The data to be converted.
+ * @return The converted data.
+ */
+ String bytesToString(byte[] data);
+
+ /**
+ * This method searches a piece of data for the first occurrence of a
+ * specified pattern. It works on byte-based data in a way that is similar
+ * to the way the native Java method
+ * String.indexOf()
works on String-based data.
+ *
+ * @param data The data to be searched.
+ * @param pattern The pattern to be searched for.
+ * @param caseSensitive Flags whether or not the search is case-sensitive.
+ * @param from The offset within
+ * data
where the search should begin.
+ * @param to The offset within
+ * data
where the search should end.
+ * @return The offset of the first occurrence of the pattern within the
+ * specified bounds, or -1 if no match is found.
+ */
+ int indexOf(byte[] data,
+ byte[] pattern,
+ boolean caseSensitive,
+ int from,
+ int to);
+
+ /**
+ * This method builds an HTTP message containing the specified headers and
+ * message body. If applicable, the Content-Length header will be added or
+ * updated, based on the length of the body.
+ *
+ * @param headers A list of headers to include in the message.
+ * @param body The body of the message, of
+ * null
if the message has an empty body.
+ * @return The resulting full HTTP message.
+ */
+ byte[] buildHttpMessage(List headers, byte[] body);
+
+ /**
+ * This method creates a GET request to the specified URL. The headers used
+ * in the request are determined by the Request headers settings as
+ * configured in Burp Spider's options.
+ *
+ * @param url The URL to which the request should be made.
+ * @return A request to the specified URL.
+ */
+ byte[] buildHttpRequest(URL url);
+
+ /**
+ * This method adds a new parameter to an HTTP request, and if appropriate
+ * updates the Content-Length header.
+ *
+ * @param request The request to which the parameter should be added.
+ * @param parameter An
+ * IParameter
object containing details of the parameter to be
+ * added. Supported parameter types are:
+ * PARAM_URL
,
+ * PARAM_BODY
and
+ * PARAM_COOKIE
.
+ * @return A new HTTP request with the new parameter added.
+ */
+ byte[] addParameter(byte[] request, IParameter parameter);
+
+ /**
+ * This method removes a parameter from an HTTP request, and if appropriate
+ * updates the Content-Length header.
+ *
+ * @param request The request from which the parameter should be removed.
+ * @param parameter An
+ * IParameter
object containing details of the parameter to be
+ * removed. Supported parameter types are:
+ * PARAM_URL
,
+ * PARAM_BODY
and
+ * PARAM_COOKIE
.
+ * @return A new HTTP request with the parameter removed.
+ */
+ byte[] removeParameter(byte[] request, IParameter parameter);
+
+ /**
+ * This method updates the value of a parameter within an HTTP request, and
+ * if appropriate updates the Content-Length header. Note: This
+ * method can only be used to update the value of an existing parameter of a
+ * specified type. If you need to change the type of an existing parameter,
+ * you should first call
+ * removeParameter()
to remove the parameter with the old type,
+ * and then call
+ * addParameter()
to add a parameter with the new type.
+ *
+ * @param request The request containing the parameter to be updated.
+ * @param parameter An
+ * IParameter
object containing details of the parameter to be
+ * updated. Supported parameter types are:
+ * PARAM_URL
,
+ * PARAM_BODY
and
+ * PARAM_COOKIE
.
+ * @return A new HTTP request with the parameter updated.
+ */
+ byte[] updateParameter(byte[] request, IParameter parameter);
+
+ /**
+ * This method can be used to toggle a request's method between GET and
+ * POST. Parameters are relocated between the URL query string and message
+ * body as required, and the Content-Length header is created or removed as
+ * applicable.
+ *
+ * @param request The HTTP request whose method should be toggled.
+ * @return A new HTTP request using the toggled method.
+ */
+ byte[] toggleRequestMethod(byte[] request);
+
+ /**
+ * This method constructs an
+ * IHttpService
object based on the details provided.
+ *
+ * @param host The HTTP service host.
+ * @param port The HTTP service port.
+ * @param protocol The HTTP service protocol.
+ * @return An
+ * IHttpService
object based on the details provided.
+ */
+ IHttpService buildHttpService(String host, int port, String protocol);
+
+ /**
+ * This method constructs an
+ * IHttpService
object based on the details provided.
+ *
+ * @param host The HTTP service host.
+ * @param port The HTTP service port.
+ * @param useHttps Flags whether the HTTP service protocol is HTTPS or HTTP.
+ * @return An
+ * IHttpService
object based on the details provided.
+ */
+ IHttpService buildHttpService(String host, int port, boolean useHttps);
+
+ /**
+ * This method constructs an
+ * IParameter
object based on the details provided.
+ *
+ * @param name The parameter name.
+ * @param value The parameter value.
+ * @param type The parameter type, as defined in the
+ * IParameter
interface.
+ * @return An
+ * IParameter
object based on the details provided.
+ */
+ IParameter buildParameter(String name, String value, byte type);
+
+ /**
+ * This method constructs an
+ * IScannerInsertionPoint
object based on the details provided.
+ * It can be used to quickly create a simple insertion point based on a
+ * fixed payload location within a base request.
+ *
+ * @param insertionPointName The name of the insertion point.
+ * @param baseRequest The request from which to build scan requests.
+ * @param from The offset of the start of the payload location.
+ * @param to The offset of the end of the payload location.
+ * @return An
+ * IScannerInsertionPoint
object based on the details provided.
+ */
+ IScannerInsertionPoint makeScannerInsertionPoint(
+ String insertionPointName,
+ byte[] baseRequest,
+ int from,
+ int to);
+}
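Review bot: The Javadoc for `indexOf` does not say whether `to` is inclusive or exclusive, nor what happens when `from` or `to` fall outside `data`; `makeScannerInsertionPoint` has the same gap for its `from`/`to` offsets. Extensions typically derive these offsets from HTTP messages they do not control, so an ambiguous bound can lead to a missed match or a marker one byte off. Each `@param to` should carry an explicit `(exclusive)` or `(inclusive)`, whichever the implementation does, which this interface alone does not show. Separately, `@param body` on `buildHttpMessage` reads `of null` where `or null` is meant.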
diff --git a/jsbeautifier/src/burp/IExtensionStateListener.java b/jsbeautifier/src/burp/IExtensionStateListener.java
new file mode 100644
index 0000000..9b385f7
--- /dev/null
+++ b/jsbeautifier/src/burp/IExtensionStateListener.java
@@ -0,0 +1,27 @@
+package burp;
+
+/*
+ * @(#)IExtensionStateListener.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+/**
+ * Extensions can implement this interface and then call
+ * IBurpExtenderCallbacks.registerExtensionStateListener()
to
+ * register an extension state listener. The listener will be notified of
+ * changes to the extension's state. Note: Any extensions that start
+ * background threads or open system resources (such as files or database
+ * connections) should register a listener and terminate threads / close
+ * resources when the extension is unloaded.
+ */
+public interface IExtensionStateListener
+{
+ /**
+ * This method is called when the extension is unloaded.
+ */
+ void extensionUnloaded();
+}
diff --git a/jsbeautifier/src/burp/IHttpListener.java b/jsbeautifier/src/burp/IHttpListener.java
new file mode 100644
index 0000000..c1d9a6f
--- /dev/null
+++ b/jsbeautifier/src/burp/IHttpListener.java
@@ -0,0 +1,37 @@
+package burp;
+
+/*
+ * @(#)IHttpListener.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+/**
+ * Extensions can implement this interface and then call
+ * IBurpExtenderCallbacks.registerHttpListener()
to register an
+ * HTTP listener. The listener will be notified of requests and responses made
+ * by any Burp tool. Extensions can perform custom analysis or modification of
+ * these messages by registering an HTTP listener.
+ */
+public interface IHttpListener
+{
+ /**
+ * This method is invoked when an HTTP request is about to be issued, and
+ * when an HTTP response has been received.
+ *
+ * @param toolFlag A flag indicating the Burp tool that issued the request.
+ * Burp tool flags are defined in the
+ * IBurpExtenderCallbacks
interface.
+ * @param messageIsRequest Flags whether the method is being invoked for a
+ * request or response.
+ * @param messageInfo Details of the request / response to be processed.
+ * Extensions can call the setter methods on this object to update the
+ * current message and so modify Burp's behavior.
+ */
+ void processHttpMessage(int toolFlag,
+ boolean messageIsRequest,
+ IHttpRequestResponse messageInfo);
+}
diff --git a/jsbeautifier/src/burp/IHttpRequestResponse.java b/jsbeautifier/src/burp/IHttpRequestResponse.java
new file mode 100644
index 0000000..1a074b8
--- /dev/null
+++ b/jsbeautifier/src/burp/IHttpRequestResponse.java
@@ -0,0 +1,102 @@
+package burp;
+
+/*
+ * @(#)IHttpRequestResponse.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+/**
+ * This interface is used to retrieve and update details about HTTP messages.
+ *
+ * Note: The setter methods generally can only be used before the message
+ * has been processed, and not in read-only contexts. The getter methods
+ * relating to response details can only be used after the request has been
+ * issued.
+ */
+public interface IHttpRequestResponse
+{
+ /**
+ * This method is used to retrieve the request message.
+ *
+ * @return The request message.
+ */
+ byte[] getRequest();
+
+ /**
+ * This method is used to update the request message.
+ *
+ * @param message The new request message.
+ */
+ void setRequest(byte[] message);
+
+ /**
+ * This method is used to retrieve the response message.
+ *
+ * @return The response message.
+ */
+ byte[] getResponse();
+
+ /**
+ * This method is used to update the response message.
+ *
+ * @param message The new response message.
+ */
+ void setResponse(byte[] message);
+
+ /**
+ * This method is used to retrieve the user-annotated comment for this item,
+ * if applicable.
+ *
+ * @return The user-annotated comment for this item, or null if none is set.
+ */
+ String getComment();
+
+ /**
+ * This method is used to update the user-annotated comment for this item.
+ *
+ * @param comment The comment to be assigned to this item.
+ */
+ void setComment(String comment);
+
+ /**
+ * This method is used to retrieve the user-annotated highlight for this
+ * item, if applicable.
+ *
+ * @return The user-annotated highlight for this item, or null if none is
+ * set.
+ */
+ String getHighlight();
+
+ /**
+ * This method is used to update the user-annotated highlight for this item.
+ *
+ * @param color The highlight color to be assigned to this item. Accepted
+ * values are: red, orange, yellow, green, cyan, blue, pink, magenta, gray,
+ * or a null String to clear any existing highlight.
+ */
+ void setHighlight(String color);
+
+ /**
+ * This method is used to retrieve the HTTP service for this request /
+ * response.
+ *
+ * @return An
+ * IHttpService object containing details of the HTTP service.
+ */
+ IHttpService getHttpService();
+
+ /**
+ * This method is used to update the HTTP service for this request /
+ * response.
+ *
+ * @param httpService An
+ * IHttpService object containing details of the new HTTP
+ * service.
+ */
+ void setHttpService(IHttpService httpService);
+
+}
diff --git a/jsbeautifier/src/burp/IHttpRequestResponsePersisted.java b/jsbeautifier/src/burp/IHttpRequestResponsePersisted.java
new file mode 100644
index 0000000..3c47ad7
--- /dev/null
+++ b/jsbeautifier/src/burp/IHttpRequestResponsePersisted.java
@@ -0,0 +1,26 @@
+package burp;
+
+/*
+ * @(#)IHttpRequestResponsePersisted.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+/**
+ * This interface is used for an
+ * IHttpRequestResponse object whose request and response messages
+ * have been saved to temporary files using
+ * IBurpExtenderCallbacks.saveBuffersToTempFiles().
+ */
+public interface IHttpRequestResponsePersisted extends IHttpRequestResponse
+{
+ /**
+ * This method is used to permanently delete the saved temporary files. It
+ * will no longer be possible to retrieve the request or response for this
+ * item.
+ */
+ void deleteTempFiles();
+}
diff --git a/jsbeautifier/src/burp/IHttpRequestResponseWithMarkers.java b/jsbeautifier/src/burp/IHttpRequestResponseWithMarkers.java
new file mode 100644
index 0000000..5ddc9ae
--- /dev/null
+++ b/jsbeautifier/src/burp/IHttpRequestResponseWithMarkers.java
@@ -0,0 +1,44 @@
+package burp;
+
+/*
+ * @(#)IHttpRequestResponseWithMarkers.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+import java.util.List;
+
+/**
+ * This interface is used for an
+ * IHttpRequestResponse object that has had markers applied.
+ * Extensions can create instances of this interface using
+ * IBurpExtenderCallbacks.applyMarkers(), or provide their own
+ * implementation. Markers are used in various situations, such as specifying
+ * Intruder payload positions, Scanner insertion points, and highlights in
+ * Scanner issues.
+ */
+public interface IHttpRequestResponseWithMarkers extends IHttpRequestResponse
+{
+ /**
+ * This method returns the details of the request markers.
+ *
+ * @return A list of index pairs representing the offsets of markers for the
+ * request message. Each item in the list is an int[2] array containing the
+ * start and end offsets for the marker. The method may return
+ * null if no request markers are defined.
+ */
+ List getRequestMarkers();
+
+ /**
+ * This method returns the details of the response markers.
+ *
+ * @return A list of index pairs representing the offsets of markers for the
+ * response message. Each item in the list is an int[2] array containing the
+ * start and end offsets for the marker. The method may return
+ * null if no response markers are defined.
+ */
+ List getResponseMarkers();
+}
diff --git a/jsbeautifier/src/burp/IHttpService.java b/jsbeautifier/src/burp/IHttpService.java
new file mode 100644
index 0000000..9810d80
--- /dev/null
+++ b/jsbeautifier/src/burp/IHttpService.java
@@ -0,0 +1,39 @@
+package burp;
+
+/*
+ * @(#)IHttpService.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+/**
+ * This interface is used to provide details about an HTTP service, to which
+ * HTTP requests can be sent.
+ */
+public interface IHttpService
+{
+ /**
+ * This method returns the hostname or IP address for the service.
+ *
+ * @return The hostname or IP address for the service.
+ */
+ String getHost();
+
+ /**
+ * This method returns the port number for the service.
+ *
+ * @return The port number for the service.
+ */
+ int getPort();
+
+ /**
+ * This method returns the protocol for the service.
+ *
+ * @return The protocol for the service. Expected values are "http" or
+ * "https".
+ */
+ String getProtocol();
+}
diff --git a/jsbeautifier/src/burp/IInterceptedProxyMessage.java b/jsbeautifier/src/burp/IInterceptedProxyMessage.java
new file mode 100644
index 0000000..bf6f47f
--- /dev/null
+++ b/jsbeautifier/src/burp/IInterceptedProxyMessage.java
@@ -0,0 +1,116 @@
+package burp;
+
+/*
+ * @(#)IInterceptedProxyMessage.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+import java.net.InetAddress;
+
+/**
+ * This interface is used to represent an HTTP message that has been intercepted
+ * by Burp Proxy. Extensions can register an
+ * IProxyListener to receive details of proxy messages using this
+ * interface. *
+ */
+public interface IInterceptedProxyMessage
+{
+ /**
+ * This action causes Burp Proxy to follow the current interception rules to
+ * determine the appropriate action to take for the message.
+ */
+ static final int ACTION_FOLLOW_RULES = 0;
+ /**
+ * This action causes Burp Proxy to present the message to the user for
+ * manual review or modification.
+ */
+ static final int ACTION_DO_INTERCEPT = 1;
+ /**
+ * This action causes Burp Proxy to forward the message to the remote server
+ * or client, without presenting it to the user.
+ */
+ static final int ACTION_DONT_INTERCEPT = 2;
+ /**
+ * This action causes Burp Proxy to drop the message.
+ */
+ static final int ACTION_DROP = 3;
+ /**
+ * This action causes Burp Proxy to follow the current interception rules to
+ * determine the appropriate action to take for the message, and then make a
+ * second call to processProxyMessage.
+ */
+ static final int ACTION_FOLLOW_RULES_AND_REHOOK = 0x10;
+ /**
+ * This action causes Burp Proxy to present the message to the user for
+ * manual review or modification, and then make a second call to
+ * processProxyMessage.
+ */
+ static final int ACTION_DO_INTERCEPT_AND_REHOOK = 0x11;
+ /**
+ * This action causes Burp Proxy to skip user interception, and then make a
+ * second call to processProxyMessage.
+ */
+ static final int ACTION_DONT_INTERCEPT_AND_REHOOK = 0x12;
+
+ /**
+ * This method retrieves a unique reference number for this
+ * request/response.
+ *
+ * @return An identifier that is unique to a single request/response pair.
+ * Extensions can use this to correlate details of requests and responses
+ * and perform processing on the response message accordingly.
+ */
+ int getMessageReference();
+
+ /**
+ * This method retrieves details of the intercepted message.
+ *
+ * @return An IHttpRequestResponse object containing details of
+ * the intercepted message.
+ */
+ IHttpRequestResponse getMessageInfo();
+
+ /**
+ * This method retrieves the currently defined interception action. The
+ * default action is
+ * ACTION_FOLLOW_RULES. If multiple proxy listeners are
+ * registered, then other listeners may already have modified the
+ * interception action before it reaches the current listener. This method
+ * can be used to determine whether this has occurred.
+ *
+ * @return The currently defined interception action. Possible values are
+ * defined within this interface.
+ */
+ int getInterceptAction();
+
+ /**
+ * This method is used to update the interception action.
+ *
+ * @param interceptAction The new interception action. Possible values are
+ * defined within this interface.
+ */
+ void setInterceptAction(int interceptAction);
+
+ /**
+ * This method retrieves the name of the Burp Proxy listener that is
+ * processing the intercepted message.
+ *
+ * @return The name of the Burp Proxy listener that is processing the
+ * intercepted message. The format is the same as that shown in the Proxy
+ * Listeners UI - for example, "127.0.0.1:8080".
+ */
+ String getListenerInterface();
+
+ /**
+ * This method retrieves the client IP address from which the request for
+ * the intercepted message was received.
+ *
+ * @return The client IP address from which the request for the intercepted
+ * message was received.
+ */
+ InetAddress getClientIpAddress();
+}
diff --git a/jsbeautifier/src/burp/IIntruderAttack.java b/jsbeautifier/src/burp/IIntruderAttack.java
new file mode 100644
index 0000000..8305fbb
--- /dev/null
+++ b/jsbeautifier/src/burp/IIntruderAttack.java
@@ -0,0 +1,31 @@
+package burp;
+
+/*
+ * @(#)IIntruderAttack.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+/**
+ * This interface is used to hold details about an Intruder attack.
+ */
+public interface IIntruderAttack
+{
+ /**
+ * This method is used to retrieve the HTTP service for the attack.
+ *
+ * @return The HTTP service for the attack.
+ */
+ IHttpService getHttpService();
+
+ /**
+ * This method is used to retrieve the request template for the attack.
+ *
+ * @return The request template for the attack.
+ */
+ byte[] getRequestTemplate();
+
+}
diff --git a/jsbeautifier/src/burp/IIntruderPayloadGenerator.java b/jsbeautifier/src/burp/IIntruderPayloadGenerator.java
new file mode 100644
index 0000000..ba28643
--- /dev/null
+++ b/jsbeautifier/src/burp/IIntruderPayloadGenerator.java
@@ -0,0 +1,50 @@
+package burp;
+
+/*
+ * @(#)IIntruderPayloadGenerator.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+/**
+ * This interface is used for custom Intruder payload generators. Extensions
+ * that have registered an
+ * IIntruderPayloadGeneratorFactory must return a new instance of
+ * this interface when required as part of a new Intruder attack.
+ */
+public interface IIntruderPayloadGenerator
+{
+ /**
+ * This method is used by Burp to determine whether the payload generator is
+ * able to provide any further payloads.
+ *
+ * @return Extensions should return
+ * false when all the available payloads have been used up,
+ * otherwise
+ * true.
+ */
+ boolean hasMorePayloads();
+
+ /**
+ * This method is used by Burp to obtain the value of the next payload.
+ *
+ * @param baseValue The base value of the current payload position. This
+ * value may be
+ * null if the concept of a base value is not applicable (e.g.
+ * in a battering ram attack).
+ * @return The next payload to use in the attack.
+ */
+ byte[] getNextPayload(byte[] baseValue);
+
+ /**
+ * This method is used by Burp to reset the state of the payload generator
+ * so that the next call to
+ * getNextPayload() returns the first payload again. This
+ * method will be invoked when an attack uses the same payload generator for
+ * more than one payload position, for example in a sniper attack.
+ */
+ void reset();
+}
diff --git a/jsbeautifier/src/burp/IIntruderPayloadGeneratorFactory.java b/jsbeautifier/src/burp/IIntruderPayloadGeneratorFactory.java
new file mode 100644
index 0000000..2386306
--- /dev/null
+++ b/jsbeautifier/src/burp/IIntruderPayloadGeneratorFactory.java
@@ -0,0 +1,40 @@
+package burp;
+
+/*
+ * @(#)IIntruderPayloadGeneratorFactory.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+/**
+ * Extensions can implement this interface and then call
+ * IBurpExtenderCallbacks.registerIntruderPayloadGeneratorFactory()
+ * to register a factory for custom Intruder payloads.
+ */
+public interface IIntruderPayloadGeneratorFactory
+{
+ /**
+ * This method is used by Burp to obtain the name of the payload generator.
+ * This will be displayed as an option within the Intruder UI when the user
+ * selects to use extension-generated payloads.
+ *
+ * @return The name of the payload generator.
+ */
+ String getGeneratorName();
+
+ /**
+ * This method is used by Burp when the user starts an Intruder attack that
+ * uses this payload generator.
+ *
+ * @param attack An
+ * IIntruderAttack object that can be queried to obtain details
+ * about the attack in which the payload generator will be used.
+ * @return A new instance of
+ * IIntruderPayloadGenerator that will be used to generate
+ * payloads for the attack.
+ */
+ IIntruderPayloadGenerator createNewInstance(IIntruderAttack attack);
+}
diff --git a/jsbeautifier/src/burp/IIntruderPayloadProcessor.java b/jsbeautifier/src/burp/IIntruderPayloadProcessor.java
new file mode 100644
index 0000000..56d7fea
--- /dev/null
+++ b/jsbeautifier/src/burp/IIntruderPayloadProcessor.java
@@ -0,0 +1,45 @@
+package burp;
+
+/*
+ * @(#)IIntruderPayloadProcessor.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+/**
+ * Extensions can implement this interface and then call
+ * IBurpExtenderCallbacks.registerIntruderPayloadProcessor() to
+ * register a custom Intruder payload processor.
+ */
+public interface IIntruderPayloadProcessor
+{
+ /**
+ * This method is used by Burp to obtain the name of the payload processor.
+ * This will be displayed as an option within the Intruder UI when the user
+ * selects to use an extension-provided payload processor.
+ *
+ * @return The name of the payload processor.
+ */
+ String getProcessorName();
+
+ /**
+ * This method is invoked by Burp each time the processor should be applied
+ * to an Intruder payload.
+ *
+ * @param currentPayload The value of the payload to be processed.
+ * @param originalPayload The value of the original payload prior to
+ * processing by any already-applied processing rules.
+ * @param baseValue The base value of the payload position, which will be
+ * replaced with the current payload.
+ * @return The value of the processed payload. This may be
+ * null to indicate that the current payload should be skipped,
+ * and the attack will move directly to the next payload.
+ */
+ byte[] processPayload(
+ byte[] currentPayload,
+ byte[] originalPayload,
+ byte[] baseValue);
+}
diff --git a/jsbeautifier/src/burp/IMenuItemHandler.java b/jsbeautifier/src/burp/IMenuItemHandler.java
new file mode 100644
index 0000000..d769b8c
--- /dev/null
+++ b/jsbeautifier/src/burp/IMenuItemHandler.java
@@ -0,0 +1,36 @@
+package burp;
+
+/*
+ * @(#)IMenuItemHandler.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+/**
+ * Extensions can implement this interface and then call
+ * IBurpExtenderCallbacks.registerMenuItem() to register a custom
+ * context menu item.
+ *
+ * @deprecated Use
+ * IContextMenuFactory instead.
+ */
+@Deprecated
+public interface IMenuItemHandler
+{
+ /**
+ * This method is invoked by Burp Suite when the user clicks on a custom
+ * menu item which the extension has registered with Burp.
+ *
+ * @param menuItemCaption The caption of the menu item which was clicked.
+ * This parameter enables extensions to provide a single implementation
+ * which handles multiple different menu items.
+ * @param messageInfo Details of the HTTP message(s) for which the context
+ * menu was displayed.
+ */
+ void menuItemClicked(
+ String menuItemCaption,
+ IHttpRequestResponse[] messageInfo);
+}
diff --git a/jsbeautifier/src/burp/IMessageEditor.java b/jsbeautifier/src/burp/IMessageEditor.java
new file mode 100644
index 0000000..4b6ccb3
--- /dev/null
+++ b/jsbeautifier/src/burp/IMessageEditor.java
@@ -0,0 +1,64 @@
+package burp;
+
+/*
+ * @(#)IMessageEditor.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+import java.awt.Component;
+
+/**
+ * This interface is used to provide extensions with an instance of Burp's HTTP
+ * message editor, for the extension to use in its own UI. Extensions should
+ * call
+ * IBurpExtenderCallbacks.createMessageEditor() to obtain an
+ * instance of this interface.
+ */
+public interface IMessageEditor
+{
+ /**
+ * This method returns the UI component of the editor, for extensions to add
+ * to their own UI.
+ *
+ * @return The UI component of the editor.
+ */
+ Component getComponent();
+
+ /**
+ * This method is used to display an HTTP message in the editor.
+ *
+ * @param message The HTTP message to be displayed.
+ * @param isRequest Flags whether the message is an HTTP request or
+ * response.
+ */
+ void setMessage(byte[] message, boolean isRequest);
+
+ /**
+ * This method is used to retrieve the currently displayed message, which
+ * may have been modified by the user.
+ *
+ * @return The currently displayed HTTP message.
+ */
+ byte[] getMessage();
+
+ /**
+ * This method is used to determine whether the current message has been
+ * modified by the user.
+ *
+ * @return An indication of whether the current message has been modified by
+ * the user since it was first displayed.
+ */
+ boolean isMessageModified();
+
+ /**
+ * This method returns the data that is currently selected by the user.
+ *
+ * @return The data that is currently selected by the user, or
+ * null if no selection is made.
+ */
+ byte[] getSelectedData();
+}
diff --git a/jsbeautifier/src/burp/IMessageEditorController.java b/jsbeautifier/src/burp/IMessageEditorController.java
new file mode 100644
index 0000000..99f5851
--- /dev/null
+++ b/jsbeautifier/src/burp/IMessageEditorController.java
@@ -0,0 +1,49 @@
+package burp;
+
+/*
+ * @(#)IMessageEditorController.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+/**
+ * This interface is used by an
+ * IMessageEditor to obtain details about the currently displayed
+ * message. Extensions that create instances of Burp's HTTP message editor can
+ * optionally provide an implementation of
+ * IMessageEditorController, which the editor will invoke when it
+ * requires further information about the current message (for example, to send
+ * it to another Burp tool). Extensions that provide custom editor tabs via an
+ * IMessageEditorTabFactory will receive a reference to an
+ * IMessageEditorController object for each tab instance they
+ * generate, which the tab can invoke if it requires further information about
+ * the current message.
+ */
+public interface IMessageEditorController
+{
+ /**
+ * This method is used to retrieve the HTTP service for the current message.
+ *
+ * @return The HTTP service for the current message.
+ */
+ IHttpService getHttpService();
+
+ /**
+ * This method is used to retrieve the HTTP request associated with the
+ * current message (which may itself be a response).
+ *
+ * @return The HTTP request associated with the current message.
+ */
+ byte[] getRequest();
+
+ /**
+ * This method is used to retrieve the HTTP response associated with the
+ * current message (which may itself be a request).
+ *
+ * @return The HTTP response associated with the current message.
+ */
+ byte[] getResponse();
+}
diff --git a/jsbeautifier/src/burp/IMessageEditorTab.java b/jsbeautifier/src/burp/IMessageEditorTab.java
new file mode 100644
index 0000000..0b95dae
--- /dev/null
+++ b/jsbeautifier/src/burp/IMessageEditorTab.java
@@ -0,0 +1,102 @@
+package burp;
+
+/*
+ * @(#)IMessageEditorTab.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+import java.awt.Component;
+
+/**
+ * Extensions that register an
+ * IMessageEditorTabFactory must return instances of this
+ * interface, which Burp will use to create custom tabs within its HTTP message
+ * editors.
+ */
+public interface IMessageEditorTab
+{
+ /**
+ * This method returns the caption that should appear on the custom tab when
+ * it is displayed. Note: Burp invokes this method once when the tab
+ * is first generated, and the same caption will be used every time the tab
+ * is displayed.
+ *
+ * @return The caption that should appear on the custom tab when it is
+ * displayed.
+ */
+ String getTabCaption();
+
+ /**
+ * This method returns the component that should be used as the contents of
+ * the custom tab when it is displayed. Note: Burp invokes this
+ * method once when the tab is first generated, and the same component will
+ * be used every time the tab is displayed.
+ *
+ * @return The component that should be used as the contents of the custom
+ * tab when it is displayed.
+ */
+ Component getUiComponent();
+
+ /**
+ * The hosting editor will invoke this method before it displays a new HTTP
+ * message, so that the custom tab can indicate whether it should be enabled
+ * for that message.
+ *
+ * @param content The message that is about to be displayed.
+ * @param isRequest Indicates whether the message is a request or a
+ * response.
+ * @return The method should return
+ * true if the custom tab is able to handle the specified
+ * message, and so will be displayed within the editor. Otherwise, the tab
+ * will be hidden while this message is displayed.
+ */
+ boolean isEnabled(byte[] content, boolean isRequest);
+
+ /**
+ * The hosting editor will invoke this method to display a new message or to
+ * clear the existing message. This method will only be called with a new
+ * message if the tab has already returned
+ * true to a call to
+ * isEnabled() with the same message details.
+ *
+ * @param content The message that is to be displayed, or
+ * null if the tab should clear its contents and disable any
+ * editable controls.
+ * @param isRequest Indicates whether the message is a request or a
+ * response.
+ */
+ void setMessage(byte[] content, boolean isRequest);
+
+ /**
+ * This method returns the currently displayed message.
+ *
+ * @return The currently displayed message.
+ */
+ byte[] getMessage();
+
+ /**
+ * This method is used to determine whether the currently displayed message
+ * has been modified by the user. The hosting editor will always call
+ * getMessage() before calling this method, so any pending
+ * edits should be completed within
+ * getMessage().
+ *
+ * @return The method should return
+ * true if the user has modified the current message since it
+ * was first displayed.
+ */
+ boolean isModified();
+
+ /**
+ * This method is used to retrieve the data that is currently selected by
+ * the user.
+ *
+ * @return The data that is currently selected by the user. This may be
+ * null if no selection is currently made.
+ */
+ byte[] getSelectedData();
+}
diff --git a/jsbeautifier/src/burp/IMessageEditorTabFactory.java b/jsbeautifier/src/burp/IMessageEditorTabFactory.java
new file mode 100644
index 0000000..afc1200
--- /dev/null
+++ b/jsbeautifier/src/burp/IMessageEditorTabFactory.java
@@ -0,0 +1,38 @@
+package burp;
+
+/*
+ * @(#)IMessageEditorTabFactory.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+/**
+ * Extensions can implement this interface and then call
+ * IBurpExtenderCallbacks.registerMessageEditorTabFactory() to
+ * register a factory for custom message editor tabs. This allows extensions to
+ * provide custom rendering or editing of HTTP messages, within Burp's own HTTP
+ * editor.
+ */
+public interface IMessageEditorTabFactory
+{
+ /**
+ * Burp will call this method once for each HTTP message editor, and the
+ * factory should provide a new instance of an
+ * IMessageEditorTab object.
+ *
+ * @param controller An
+ * IMessageEditorController object, which the new tab can query
+ * to retrieve details about the currently displayed message. This may be
+ * null for extension-invoked message editors where the
+ * extension has not provided an editor controller.
+ * @param editable Indicates whether the hosting editor is editable or
+ * read-only.
+ * @return A new
+ * IMessageEditorTab object for use within the message editor.
+ */
+ IMessageEditorTab createNewInstance(IMessageEditorController controller,
+ boolean editable);
+}
diff --git a/jsbeautifier/src/burp/IParameter.java b/jsbeautifier/src/burp/IParameter.java
new file mode 100644
index 0000000..f62d609
--- /dev/null
+++ b/jsbeautifier/src/burp/IParameter.java
@@ -0,0 +1,104 @@
+package burp;
+
+/*
+ * @(#)IParameter.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+/**
+ * This interface is used to hold details about an HTTP request parameter.
+ */
+public interface IParameter
+{
+ /**
+ * Used to indicate a parameter within the URL query string.
+ */
+ static final byte PARAM_URL = 0;
+ /**
+ * Used to indicate a parameter within the message body.
+ */
+ static final byte PARAM_BODY = 1;
+ /**
+ * Used to indicate an HTTP cookie.
+ */
+ static final byte PARAM_COOKIE = 2;
+ /**
+ * Used to indicate an item of data within an XML structure.
+ */
+ static final byte PARAM_XML = 3;
+ /**
+ * Used to indicate the value of a tag attribute within an XML structure.
+ */
+ static final byte PARAM_XML_ATTR = 4;
+ /**
+ * Used to indicate the value of a parameter attribute within a multi-part
+ * message body (such as the name of an uploaded file).
+ */
+ static final byte PARAM_MULTIPART_ATTR = 5;
+ /**
+ * Used to indicate an item of data within a JSON structure.
+ */
+ static final byte PARAM_JSON = 6;
+
+ /**
+ * This method is used to retrieve the parameter type.
+ *
+ * @return The parameter type. The available types are defined within this
+ * interface.
+ */
+ byte getType();
+
+ /**
+ * This method is used to retrieve the parameter name.
+ *
+ * @return The parameter name.
+ */
+ String getName();
+
+ /**
+ * This method is used to retrieve the parameter value.
+ *
+ * @return The parameter value.
+ */
+ String getValue();
+
+ /**
+ * This method is used to retrieve the start offset of the parameter name
+ * within the HTTP request.
+ *
+ * @return The start offset of the parameter name within the HTTP request,
+ * or -1 if the parameter is not associated with a specific request.
+ */
+ int getNameStart();
+
+ /**
+ * This method is used to retrieve the end offset of the parameter name
+ * within the HTTP request.
+ *
+ * @return The end offset of the parameter name within the HTTP request, or
+ * -1 if the parameter is not associated with a specific request.
+ */
+ int getNameEnd();
+
+ /**
+ * This method is used to retrieve the start offset of the parameter value
+ * within the HTTP request.
+ *
+ * @return The start offset of the parameter value within the HTTP request,
+ * or -1 if the parameter is not associated with a specific request.
+ */
+ int getValueStart();
+
+ /**
+ * This method is used to retrieve the end offset of the parameter value
+ * within the HTTP request.
+ *
+ * @return The end offset of the parameter value within the HTTP request, or
+ * -1 if the parameter is not associated with a specific request.
+ */
+ int getValueEnd();
+}
diff --git a/jsbeautifier/src/burp/IProxyListener.java b/jsbeautifier/src/burp/IProxyListener.java
new file mode 100644
index 0000000..e032a9d
--- /dev/null
+++ b/jsbeautifier/src/burp/IProxyListener.java
@@ -0,0 +1,37 @@
+package burp;
+
+/*
+ * @(#)IProxyListener.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+/**
+ * Extensions can implement this interface and then call
+ * IBurpExtenderCallbacks.registerProxyListener() to register a
+ * Proxy listener. The listener will be notified of requests and responses being
+ * processed by the Proxy tool. Extensions can perform custom analysis or
+ * modification of these messages, and control in-UI message interception, by
+ * registering a proxy listener.
+ */
+public interface IProxyListener
+{
+ /**
+ * This method is invoked when an HTTP message is being processed by the
+ * Proxy.
+ *
+ * @param messageIsRequest Indicates whether the HTTP message is a request
+ * or a response.
+ * @param message An
+ * IInterceptedProxyMessage object that extensions can use to
+ * query and update details of the message, and control whether the message
+ * should be intercepted and displayed to the user for manual review or
+ * modification.
+ */
+ void processProxyMessage(
+ boolean messageIsRequest,
+ IInterceptedProxyMessage message);
+}
diff --git a/jsbeautifier/src/burp/IRequestInfo.java b/jsbeautifier/src/burp/IRequestInfo.java
new file mode 100644
index 0000000..1ae8f9c
--- /dev/null
+++ b/jsbeautifier/src/burp/IRequestInfo.java
@@ -0,0 +1,95 @@
+package burp;
+
+/*
+ * @(#)IRequestInfo.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+import java.net.URL;
+import java.util.List;
+
+/**
+ * This interface is used to retrieve key details about an HTTP request.
+ * Extensions can obtain an
+ * IRequestInfo
object for a given request by calling
+ * IExtensionHelpers.analyzeRequest()
.
+ */
+public interface IRequestInfo
+{
+ /**
+ * Used to indicate that there is no content.
+ */
+ static final byte CONTENT_TYPE_NONE = 0;
+ /**
+ * Used to indicate URL-encoded content.
+ */
+ static final byte CONTENT_TYPE_URL_ENCODED = 1;
+ /**
+ * Used to indicate multi-part content.
+ */
+ static final byte CONTENT_TYPE_MULTIPART = 2;
+ /**
+ * Used to indicate XML content.
+ */
+ static final byte CONTENT_TYPE_XML = 3;
+ /**
+ * Used to indicate JSON content.
+ */
+ static final byte CONTENT_TYPE_JSON = 4;
+ /**
+ * Used to indicate AMF content.
+ */
+ static final byte CONTENT_TYPE_AMF = 5;
+ /**
+ * Used to indicate unknown content.
+ */
+ static final byte CONTENT_TYPE_UNKNOWN = -1;
+
+ /**
+ * This method is used to obtain the HTTP method used in the request.
+ *
+ * @return The HTTP method used in the request.
+ */
+ String getMethod();
+
+ /**
+ * This method is used to obtain the URL in the request.
+ *
+ * @return The URL in the request.
+ */
+ URL getUrl();
+
+ /**
+ * This method is used to obtain the HTTP headers contained in the request.
+ *
+ * @return The HTTP headers contained in the request.
+ */
+ List getHeaders();
+
+ /**
+ * This method is used to obtain the parameters contained in the request.
+ *
+ * @return The parameters contained in the request.
+ */
+ List getParameters();
+
+ /**
+ * This method is used to obtain the offset within the request where the
+ * message body begins.
+ *
+ * @return The offset within the request where the message body begins.
+ */
+ int getBodyOffset();
+
+ /**
+ * This method is used to obtain the content type of the message body.
+ *
+ * @return An indication of the content type of the message body. Available
+ * types are defined within this interface.
+ */
+ byte getContentType();
+}
diff --git a/jsbeautifier/src/burp/IResponseInfo.java b/jsbeautifier/src/burp/IResponseInfo.java
new file mode 100644
index 0000000..8435f0a
--- /dev/null
+++ b/jsbeautifier/src/burp/IResponseInfo.java
@@ -0,0 +1,73 @@
+package burp;
+
+/*
+ * @(#)IResponseInfo.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+import java.util.List;
+
+/**
+ * This interface is used to retrieve key details about an HTTP response.
+ * Extensions can obtain an
+ * IResponseInfo
object for a given response by calling
+ * IExtensionHelpers.analyzeResponse()
.
+ */
+public interface IResponseInfo
+{
+ /**
+ * This method is used to obtain the HTTP headers contained in the response.
+ *
+ * @return The HTTP headers contained in the response.
+ */
+ List getHeaders();
+
+ /**
+ * This method is used to obtain the offset within the response where the
+ * message body begins.
+ *
+ * @return The offset within the response where the message body begins.
+ */
+ int getBodyOffset();
+
+ /**
+ * This method is used to obtain the HTTP status code contained in the
+ * response.
+ *
+ * @return The HTTP status code contained in the response.
+ */
+ short getStatusCode();
+
+ /**
+ * This method is used to obtain details of the HTTP cookies set in the
+ * response.
+ *
+ * @return A list of ICookie
objects representing the cookies
+ * set in the response, if any.
+ */
+ List getCookies();
+
+ /**
+ * This method is used to obtain the MIME type of the response, as stated in
+ * the HTTP headers.
+ *
+ * @return A textual label for the stated MIME type, or an empty String if
+ * this is not known or recognized. The possible labels are the same as
+ * those used in the main Burp UI.
+ */
+ String getStatedMimeType();
+
+ /**
+ * This method is used to obtain the MIME type of the response, as inferred
+ * from the contents of the HTTP message body.
+ *
+ * @return A textual label for the inferred MIME type, or an empty String if
+ * this is not known or recognized. The possible labels are the same as
+ * those used in the main Burp UI.
+ */
+ String getInferredMimeType();
+}
diff --git a/jsbeautifier/src/burp/IScanIssue.java b/jsbeautifier/src/burp/IScanIssue.java
new file mode 100644
index 0000000..532e8b9
--- /dev/null
+++ b/jsbeautifier/src/burp/IScanIssue.java
@@ -0,0 +1,120 @@
+package burp;
+
+/*
+ * @(#)IScanIssue.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+/**
+ * This interface is used to retrieve details of Scanner issues. Extensions can
+ * obtain details of issues by registering an
+ * IScannerListener
or by calling
+ * IBurpExtenderCallbacks.getScanIssues()
. Extensions can also add
+ * custom Scanner issues by registering an
+ * IScannerCheck
or calling
+ * IBurpExtenderCallbacks.addScanIssue()
, and providing their own
+ * implementations of this interface
+ */
+public interface IScanIssue
+{
+ /**
+ * This method returns the URL for which the issue was generated.
+ *
+ * @return The URL for which the issue was generated.
+ */
+ java.net.URL getUrl();
+
+ /**
+ * This method returns the name of the issue type.
+ *
+ * @return The name of the issue type (e.g. "SQL injection").
+ */
+ String getIssueName();
+
+ /**
+ * This method returns a numeric identifier of the issue type. See the Burp
+ * Scanner help documentation for a listing of all the issue types.
+ *
+ * @return A numeric identifier of the issue type.
+ */
+ int getIssueType();
+
+ /**
+ * This method returns the issue severity level.
+ *
+ * @return The issue severity level. Expected values are "High", "Medium",
+ * "Low", "Information" or "False positive".
+ *
+ */
+ String getSeverity();
+
+ /**
+ * This method returns the issue confidence level.
+ *
+ * @return The issue confidence level. Expected values are "Certain", "Firm"
+ * or "Tentative".
+ */
+ String getConfidence();
+
+ /**
+ * This method returns a background description for this type of issue.
+ *
+ * @return A background description for this type of issue, or
+ * null
if none applies.
+ */
+ String getIssueBackground();
+
+ /**
+ * This method returns a background description of the remediation for this
+ * type of issue.
+ *
+ * @return A background description of the remediation for this type of
+ * issue, or
+ * null
if none applies.
+ */
+ String getRemediationBackground();
+
+ /**
+ * This method returns detailed information about this specific instance of
+ * the issue.
+ *
+ * @return Detailed information about this specific instance of the issue,
+ * or
+ * null
if none applies.
+ */
+ String getIssueDetail();
+
+ /**
+ * This method returns detailed information about the remediation for this
+ * specific instance of the issue.
+ *
+ * @return Detailed information about the remediation for this specific
+ * instance of the issue, or
+ * null
if none applies.
+ */
+ String getRemediationDetail();
+
+ /**
+ * This method returns the HTTP messages on the basis of which the issue was
+ * generated.
+ *
+ * @return The HTTP messages on the basis of which the issue was generated.
+ * Note: The items in this array should be instances of
+ * IHttpRequestResponseWithMarkers
if applicable, so that
+ * details of the relevant portions of the request and response messages are
+ * available.
+ */
+ IHttpRequestResponse[] getHttpMessages();
+
+ /**
+ * This method returns the HTTP service for which the issue was generated.
+ *
+ * @return The HTTP service for which the issue was generated.
+ */
+ IHttpService getHttpService();
+
+}
diff --git a/jsbeautifier/src/burp/IScanQueueItem.java b/jsbeautifier/src/burp/IScanQueueItem.java
new file mode 100644
index 0000000..1716854
--- /dev/null
+++ b/jsbeautifier/src/burp/IScanQueueItem.java
@@ -0,0 +1,80 @@
+package burp;
+
+/*
+ * @(#)IScanQueueItem.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+/**
+ * This interface is used to retrieve details of items in the Burp Scanner
+ * active scan queue. Extensions can obtain references to scan queue items by
+ * calling
+ * IBurpExtenderCallbacks.doActiveScan()
.
+ */
+public interface IScanQueueItem
+{
+ /**
+ * This method returns a description of the status of the scan queue item.
+ *
+ * @return A description of the status of the scan queue item.
+ */
+ String getStatus();
+
+ /**
+ * This method returns an indication of the percentage completed for the
+ * scan queue item.
+ *
+ * @return An indication of the percentage completed for the scan queue
+ * item.
+ */
+ byte getPercentageComplete();
+
+ /**
+ * This method returns the number of requests that have been made for the
+ * scan queue item.
+ *
+ * @return The number of requests that have been made for the scan queue
+ * item.
+ */
+ int getNumRequests();
+
+ /**
+ * This method returns the number of network errors that have occurred for
+ * the scan queue item.
+ *
+ * @return The number of network errors that have occurred for the scan
+ * queue item.
+ */
+ int getNumErrors();
+
+ /**
+ * This method returns the number of attack insertion points being used for
+ * the scan queue item.
+ *
+ * @return The number of attack insertion points being used for the scan
+ * queue item.
+ */
+ int getNumInsertionPoints();
+
+ /**
+ * This method allows the scan queue item to be canceled.
+ */
+ void cancel();
+
+ /**
+ * This method returns details of the issues generated for the scan queue
+ * item. Note: different items within the scan queue may contain
+ * duplicated versions of the same issues - for example, if the same request
+ * has been scanned multiple times. Duplicated issues are consolidated in
+ * the main view of scan results. Extensions can register an
+ * IScannerListener
to get details only of unique, newly
+ * discovered Scanner issues post-consolidation.
+ *
+ * @return Details of the issues generated for the scan queue item.
+ */
+ IScanIssue[] getIssues();
+}
diff --git a/jsbeautifier/src/burp/IScannerCheck.java b/jsbeautifier/src/burp/IScannerCheck.java
new file mode 100644
index 0000000..ebc37b9
--- /dev/null
+++ b/jsbeautifier/src/burp/IScannerCheck.java
@@ -0,0 +1,89 @@
+package burp;
+
+/*
+ * @(#)IScannerCheck.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+import java.util.List;
+
+/**
+ * Extensions can implement this interface and then call
+ * IBurpExtenderCallbacks.registerScannerCheck()
to register a
+ * custom Scanner check. When performing scanning, Burp will ask the check to
+ * perform active or passive scanning on the base request, and report any
+ * Scanner issues that are identified.
+ */
+public interface IScannerCheck
+{
+ /**
+ * The Scanner invokes this method for each base request / response that is
+ * passively scanned. Note: Extensions should not only analyze the
+ * HTTP messages provided during passive scanning, and should not make any
+ * new HTTP requests of their own.
+ *
+ * @param baseRequestResponse The base HTTP request / response that should
+ * be passively scanned.
+ * @return A list of
+ * IScanIssue
objects, or
+ * null
if no issues are identified.
+ */
+ List doPassiveScan(IHttpRequestResponse baseRequestResponse);
+
+ /**
+ * The Scanner invokes this method for each insertion point that is actively
+ * scanned. Extensions may issue HTTP requests as required to carry out
+ * active scanning, and should use the
+ * IScannerInsertionPoint
object provided to build scan
+ * requests for particular payloads. Note: Extensions are responsible
+ * for ensuring that attack payloads are suitably encoded within requests
+ * (for example, by URL-encoding relevant metacharacters in the URL query
+ * string). Encoding is not automatically carried out by the
+ * IScannerInsertionPoint
, because this would prevent Scanner
+ * checks from testing for certain input filter bypasses. Extensions should
+ * query the
+ * IScannerInsertionPoint
to determine its type, and apply any
+ * encoding that may be appropriate.
+ *
+ * @param baseRequestResponse The base HTTP request / response that should
+ * be actively scanned.
+ * @param insertionPoint An
+ * IScannerInsertionPoint
object that can be queried to obtain
+ * details of the insertion point being tested, and can be used to build
+ * scan requests for particular payloads.
+ * @return A list of
+ * IScanIssue
objects, or
+ * null
if no issues are identified.
+ */
+ List doActiveScan(
+ IHttpRequestResponse baseRequestResponse,
+ IScannerInsertionPoint insertionPoint);
+
+ /**
+ * The Scanner invokes this method when the custom Scanner check has
+ * reported multiple issues for the same URL path. This can arise either
+ * because there are multiple distinct vulnerabilities, or because the same
+ * (or a similar) request has been scanned more than once. The custom check
+ * should determine whether the issues are duplicates. In most cases, where
+ * a check uses distinct issue names or descriptions for distinct issues,
+ * the consolidation process will simply be a matter of comparing these
+ * features for the two issues.
+ *
+ * @param existingIssue An issue that was previously reported by this
+ * Scanner check.
+ * @param newIssue An issue at the same URL path that has been newly
+ * reported by this Scanner check.
+ * @return An indication of which issue(s) should be reported in the main
+ * Scanner results. The method should return
+ * -1
to report the existing issue only,
+ * 0
to report both issues, and
+ * 1
to report the new issue only.
+ */
+ int consolidateDuplicateIssues(
+ IScanIssue existingIssue,
+ IScanIssue newIssue);
+}
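Review bot: The Javadoc on `doPassiveScan` reads "Extensions should not only analyze the HTTP messages provided during passive scanning, and should not make any new HTTP requests of their own", which contradicts itself; the stray "not" makes the rule that passive checks must not generate traffic easy to misread. I would word it as `Note: Extensions should only analyze the HTTP messages provided during passive scanning, and should not make any new HTTP requests of their own.` The return types of `doPassiveScan` and `doActiveScan` are also shown as a raw `List` while the Javadoc promises `IScanIssue` objects; if the type argument is really absent in the file (it may have been lost when the page was rendered), `List<IScanIssue>` would let the compiler enforce that. The copyright header suggests this is a copy of PortSwigger's API file, so both changes are best made when the copy is refreshed from upstream rather than edited locally.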
diff --git a/jsbeautifier/src/burp/IScannerInsertionPoint.java b/jsbeautifier/src/burp/IScannerInsertionPoint.java
new file mode 100644
index 0000000..4b4aabb
--- /dev/null
+++ b/jsbeautifier/src/burp/IScannerInsertionPoint.java
@@ -0,0 +1,156 @@
+package burp;
+
+/*
+ * @(#)IScannerInsertionPoint.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+/**
+ * This interface is used to define an insertion point for use by active Scanner
+ * checks. Extensions can obtain instances of this interface by registering an
+ * IScannerCheck
, or can create instances for use by Burp's own
+ * scan checks by registering an
+ * IScannerInsertionPointProvider
.
+ */
+public interface IScannerInsertionPoint
+{
+ /**
+ * Used to indicate where the payload is inserted into the value of a URL
+ * parameter.
+ */
+ static final byte INS_PARAM_URL = 0x00;
+ /**
+ * Used to indicate where the payload is inserted into the value of a body
+ * parameter.
+ */
+ static final byte INS_PARAM_BODY = 0x01;
+ /**
+ * Used to indicate where the payload is inserted into the value of an HTTP
+ * cookie.
+ */
+ static final byte INS_PARAM_COOKIE = 0x02;
+ /**
+ * Used to indicate where the payload is inserted into the value of an item
+ * of data within an XML data structure.
+ */
+ static final byte INS_PARAM_XML = 0x03;
+ /**
+ * Used to indicate where the payload is inserted into the value of a tag
+ * attribute within an XML structure.
+ */
+ static final byte INS_PARAM_XML_ATTR = 0x04;
+ /**
+ * Used to indicate where the payload is inserted into the value of a
+ * parameter attribute within a multi-part message body (such as the name of
+ * an uploaded file).
+ */
+ static final byte INS_PARAM_MULTIPART_ATTR = 0x05;
+ /**
+ * Used to indicate where the payload is inserted into the value of an item
+ * of data within a JSON structure.
+ */
+ static final byte INS_PARAM_JSON = 0x06;
+ /**
+ * Used to indicate where the payload is inserted into the value of an AMF
+ * parameter.
+ */
+ static final byte INS_PARAM_AMF = 0x07;
+ /**
+ * Used to indicate where the payload is inserted into the value of an HTTP
+ * request header.
+ */
+ static final byte INS_HEADER = 0x20;
+ /**
+ * Used to indicate where the payload is inserted into a REST parameter
+ * within the URL file path.
+ */
+ static final byte INS_URL_REST = 0x21;
+ /**
+ * Used to indicate where the payload is inserted into the name of an added
+ * URL parameter.
+ */
+ static final byte INS_PARAM_NAME_URL = 0x22;
+ /**
+ * Used to indicate where the payload is inserted into the name of an added
+ * body parameter.
+ */
+ static final byte INS_PARAM_NAME_BODY = 0x23;
+ /**
+ * Used to indicate where the payload is inserted at a location manually
+ * configured by the user.
+ */
+ static final byte INS_USER_PROVIDED = 0x40;
+ /**
+ * Used to indicate where the insertion point is provided by an
+ * extension-registered
+ * IScannerInsertionPointProvider
.
+ */
+ static final byte INS_EXTENSION_PROVIDED = 0x41;
+ /**
+ * Used to indicate where the payload is inserted at an unknown location
+ * within the request.
+ */
+ static final byte INS_UNKNOWN = 0x7f;
+
+ /**
+ * This method returns the name of the insertion point.
+ *
+ * @return The name of the insertion point (for example, a description of a
+ * particular request parameter).
+ */
+ String getInsertionPointName();
+
+ /**
+ * This method returns the base value for this insertion point.
+ *
+ * @return the base value that appears in this insertion point in the base
+ * request being scanned, or
+ * null
if there is no value in the base request that
+ * corresponds to this insertion point.
+ */
+ String getBaseValue();
+
+ /**
+ * This method is used to build a request with the specified payload placed
+ * into the insertion point. Any necessary adjustments to the Content-Length
+ * header will be made by the Scanner itself when the request is issued, and
+ * there is no requirement for the insertion point to do this. Note:
+ * Burp's built-in scan checks do not apply any payload encoding (such as
+ * URL-encoding) when dealing with an extension-provided insertion point.
+ * Custom insertion points are responsible for performing any data encoding
+ * that is necessary given the nature and location of the insertion point.
+ *
+ * @param payload The payload that should be placed into the insertion
+ * point.
+ * @return The resulting request.
+ */
+ byte[] buildRequest(byte[] payload);
+
+ /**
+ * This method is used to determine the offsets of the payload value within
+ * the request, when it is placed into the insertion point. Scan checks may
+ * invoke this method when reporting issues, so as to highlight the relevant
+ * part of the request within the UI.
+ *
+ * @param payload The payload that should be placed into the insertion
+ * point.
+ * @return An int[2] array containing the start and end offsets of the
+ * payload within the request, or null if this is not applicable (for
+ * example, where the insertion point places a payload into a serialized
+ * data structure, the raw payload may not literally appear anywhere within
+ * the resulting request).
+ */
+ int[] getPayloadOffsets(byte[] payload);
+
+ /**
+ * This method returns the type of the insertion point.
+ *
+ * @return The type of the insertion point. Available types are defined in
+ * this interface.
+ */
+ byte getInsertionPointType();
+}
diff --git a/jsbeautifier/src/burp/IScannerInsertionPointProvider.java b/jsbeautifier/src/burp/IScannerInsertionPointProvider.java
new file mode 100644
index 0000000..a186530
--- /dev/null
+++ b/jsbeautifier/src/burp/IScannerInsertionPointProvider.java
@@ -0,0 +1,38 @@
+package burp;
+
+/*
+ * @(#)IScannerInsertionPointProvider.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+import java.util.List;
+
+/**
+ * Extensions can implement this interface and then call
+ * IBurpExtenderCallbacks.registerScannerInsertionPointProvider()
+ * to register a factory for custom Scanner insertion points.
+ */
+public interface IScannerInsertionPointProvider
+{
+ /**
+ * When a request is actively scanned, the Scanner will invoke this method,
+ * and the provider should provide a list of custom insertion points that
+ * will be used in the scan. Note: these insertion points are used in
+ * addition to those that are derived from Burp Scanner's configuration, and
+ * those provided by any other Burp extensions.
+ *
+ * @param baseRequestResponse The base request that will be actively
+ * scanned.
+ * @return A list of
+ * IScannerInsertionPoint
objects that should be used in the
+ * scanning, or
+ * null
if no custom insertion points are applicable for this
+ * request.
+ */
+ List getInsertionPoints(
+ IHttpRequestResponse baseRequestResponse);
+}
diff --git a/jsbeautifier/src/burp/IScannerListener.java b/jsbeautifier/src/burp/IScannerListener.java
new file mode 100644
index 0000000..85e7cbb
--- /dev/null
+++ b/jsbeautifier/src/burp/IScannerListener.java
@@ -0,0 +1,30 @@
+package burp;
+
+/*
+ * @(#)IScannerListener.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+/**
+ * Extensions can implement this interface and then call
+ * IBurpExtenderCallbacks.registerScannerListener()
to register a
+ * Scanner listener. The listener will be notified of new issues that are
+ * reported by the Scanner tool. Extensions can perform custom analysis or
+ * logging of Scanner issues by registering a Scanner listener.
+ */
+public interface IScannerListener
+{
+ /**
+ * This method is invoked when a new issue is added to Burp Scanner's
+ * results.
+ *
+ * @param issue An
+ * IScanIssue
object that the extension can query to obtain
+ * details about the new issue.
+ */
+ void newScanIssue(IScanIssue issue);
+}
diff --git a/jsbeautifier/src/burp/IScopeChangeListener.java b/jsbeautifier/src/burp/IScopeChangeListener.java
new file mode 100644
index 0000000..3ea929a
--- /dev/null
+++ b/jsbeautifier/src/burp/IScopeChangeListener.java
@@ -0,0 +1,25 @@
+package burp;
+
+/*
+ * @(#)IScopeChangeListener.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+/**
+ * Extensions can implement this interface and then call
+ * IBurpExtenderCallbacks.registerScopeChangeListener()
to register
+ * a scope change listener. The listener will be notified whenever a change
+ * occurs to Burp's suite-wide target scope.
+ */
+public interface IScopeChangeListener
+{
+ /**
+ * This method is invoked whenever a change occurs to Burp's suite-wide
+ * target scope.
+ */
+ void scopeChanged();
+}
diff --git a/jsbeautifier/src/burp/ISessionHandlingAction.java b/jsbeautifier/src/burp/ISessionHandlingAction.java
new file mode 100644
index 0000000..3915332
--- /dev/null
+++ b/jsbeautifier/src/burp/ISessionHandlingAction.java
@@ -0,0 +1,51 @@
+package burp;
+
+/*
+ * @(#)ISessionHandlingAction.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+/**
+ * Extensions can implement this interface and then call
+ * IBurpExtenderCallbacks.registerSessionHandlingAction()
to
+ * register a custom session handling action. Each registered action will be
+ * available within the session handling rule UI for the user to select as a
+ * rule action. Users can choose to invoke an action directly in its own right,
+ * or following execution of a macro.
+ */
+public interface ISessionHandlingAction
+{
+ /**
+ * This method is used by Burp to obtain the name of the session handling
+ * action. This will be displayed as an option within the session handling
+ * rule editor when the user selects to execute an extension-provided
+ * action.
+ *
+ * @return The name of the action.
+ */
+ String getActionName();
+
+ /**
+ * This method is invoked when the session handling action should be
+ * executed. This may happen as an action in its own right, or as a
+ * sub-action following execution of a macro.
+ *
+ * @param currentRequest The base request that is currently being processed.
+ * The action can query this object to obtain details about the base
+ * request. It can issue additional requests of its own if necessary, and
+ * can use the setter methods on this object to update the base request.
+ * @param macroItems If the action is invoked following execution of a
+ * macro, this parameter contains the result of executing the macro.
+ * Otherwise, it is
+ * null
. Actions can use the details of the macro items to
+ * perform custom analysis of the macro to derive values of non-standard
+ * session handling tokens, etc.
+ */
+ void performAction(
+ IHttpRequestResponse currentRequest,
+ IHttpRequestResponse[] macroItems);
+}
diff --git a/jsbeautifier/src/burp/ITab.java b/jsbeautifier/src/burp/ITab.java
new file mode 100644
index 0000000..5a00017
--- /dev/null
+++ b/jsbeautifier/src/burp/ITab.java
@@ -0,0 +1,38 @@
+package burp;
+
+/*
+ * @(#)ITab.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+import java.awt.Component;
+
+/**
+ * This interface is used to provide Burp with details of a custom tab that will
+ * be added to Burp's UI, using a method such as
+ * IBurpExtenderCallbacks.addSuiteTab()
.
+ */
+public interface ITab
+{
+ /**
+ * Burp uses this method to obtain the caption that should appear on the
+ * custom tab when it is displayed.
+ *
+ * @return The caption that should appear on the custom tab when it is
+ * displayed.
+ */
+ String getTabCaption();
+
+ /**
+ * Burp uses this method to obtain the component that should be used as the
+ * contents of the custom tab when it is displayed.
+ *
+ * @return The component that should be used as the contents of the custom
+ * tab when it is displayed.
+ */
+ Component getUiComponent();
+}
diff --git a/jsbeautifier/src/burp/ITempFile.java b/jsbeautifier/src/burp/ITempFile.java
new file mode 100644
index 0000000..9e3e83d
--- /dev/null
+++ b/jsbeautifier/src/burp/ITempFile.java
@@ -0,0 +1,33 @@
+package burp;
+
+/*
+ * @(#)ITempFile.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+/**
+ * This interface is used to hold details of a temporary file that has been
+ * created via a call to
+ * IBurpExtenderCallbacks.saveToTempFile()
.
+ *
+ */
+public interface ITempFile
+{
+ /**
+ * This method is used to retrieve the contents of the buffer that was saved
+ * in the temporary file.
+ *
+ * @return The contents of the buffer that was saved in the temporary file.
+ */
+ byte[] getBuffer();
+
+ /**
+ * This method is used to permanently delete the temporary file when it is
+ * no longer required.
+ */
+ void delete();
+}
diff --git a/jsbeautifier/src/burp/ITextEditor.java b/jsbeautifier/src/burp/ITextEditor.java
new file mode 100644
index 0000000..5b23c84
--- /dev/null
+++ b/jsbeautifier/src/burp/ITextEditor.java
@@ -0,0 +1,90 @@
+package burp;
+
+/*
+ * @(#)ITextEditor.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Free Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+import java.awt.Component;
+
+/**
+ * This interface is used to provide extensions with an instance of Burp's raw
+ * text editor, for the extension to use in its own UI. Extensions should call
+ * IBurpExtenderCallbacks.createTextEditor()
to obtain an instance
+ * of this interface.
+ */
+public interface ITextEditor
+{
+ /**
+ * This method returns the UI component of the editor, for extensions to add
+ * to their own UI.
+ *
+ * @return The UI component of the editor.
+ */
+ Component getComponent();
+
+ /**
+ * This method is used to control whether the editor is currently editable.
+ * This status can be toggled on and off as required.
+ *
+ * @param editable Indicates whether the editor should be currently
+ * editable.
+ */
+ void setEditable(boolean editable);
+
+ /**
+ * This method is used to update the currently displayed text in the editor.
+ *
+ * @param text The text to be displayed.
+ */
+ void setText(byte[] text);
+
+ /**
+ * This method is used to retrieve the currently displayed text.
+ *
+ * @return The currently displayed text.
+ */
+ byte[] getText();
+
+ /**
+ * This method is used to determine whether the user has modified the
+ * contents of the editor.
+ *
+ * @return An indication of whether the user has modified the contents of
+ * the editor since the last call to
+ * setText()
.
+ */
+ boolean isTextModified();
+
+ /**
+ * This method is used to obtain the currently selected text.
+ *
+ * @return The currently selected text, or
+ * null
if the user has not made any selection.
+ */
+ byte[] getSelectedText();
+
+ /**
+ * This method can be used to retrieve the bounds of the user's selection
+ * into the displayed text, if applicable.
+ *
+ * @return An int[2] array containing the start and end offsets of the
+ * user's selection within the displayed text. If the user has not made any
+ * selection in the current message, both offsets indicate the position of
+ * the caret within the editor.
+ */
+ int[] getSelectionBounds();
+
+ /**
+ * This method is used to update the search expression that is shown in the
+ * search bar below the editor. The editor will automatically highlight any
+ * regions of the displayed text that match the search expression.
+ *
+ * @param expression The search expression.
+ */
+ void setSearchExpression(String expression);
+}
diff --git a/jsbeautifier/src/burp/JSBeautifier/BeautifierPreferences.java b/jsbeautifier/src/burp/JSBeautifier/BeautifierPreferences.java
new file mode 100644
index 0000000..1823f64
--- /dev/null
+++ b/jsbeautifier/src/burp/JSBeautifier/BeautifierPreferences.java
@@ -0,0 +1,222 @@
+package burp.JSBeautifier;
+import java.util.prefs.Preferences;
+
+public class BeautifierPreferences {
+ private static Preferences prefs=Preferences.userRoot().node("JSBeautifier");
+ private static final double version = 1.0;
+ private static final String appName = "Burp Suite JSBeautifier";
+ private static final String author = "Soroush Dalili (@irsdl)";
+ private static final String authorLink = "http://soroush.secproject.com/blog/";
+ private static final String projectLink = "https://github.com/irsdl/BurpSuiteJSBeautifier";
+
+ public synchronized static double getVersionx() {
+ return version;
+ }
+
+ public synchronized static String getAppInfo() {
+ return "Name: "+appName + " -Version: " + String.valueOf(version) + " -Source: " + projectLink + " -Author: " + author;
+ }
+
+ public synchronized static boolean isDebugMode() {
+ return prefs.getBoolean("isDebugMode", false);
+ }
+
+
+ public synchronized static void setDebugMode(boolean isDebugMode) {
+ prefs.putBoolean("isDebugMode", isDebugMode);
+ }
+
+
+ public synchronized static boolean isAutomaticInProxy() {
+ return prefs.getBoolean("isAutomaticInProxy", false);
+ }
+
+
+ public synchronized static void setAutomaticInProxy(boolean isAutomaticInProxy) {
+ prefs.putBoolean("isAutomaticInProxy", isAutomaticInProxy);
+ }
+
+ public synchronized static boolean isRestrictedToScope() {
+ return prefs.getBoolean("isRestrictedToScope", false);
+ }
+
+
+ public synchronized static void setRestrictedToScope(boolean isRestrictedToScope) {
+ prefs.putBoolean("isRestrictedToScope", isRestrictedToScope);
+ }
+
+ public synchronized static int getIndent_size() {
+ return prefs.getInt("indent_size", 1);
+ }
+
+
+ public synchronized static void setIndent_size(int indent_size) {
+ prefs.putInt("indent_size", indent_size);
+ }
+
+
+ public synchronized static String getIndent_char() {
+ if(getIndent_size()==1){
+ return prefs.get("indent_char", "\\t");
+ }else{
+ return prefs.get("indent_char", " ");
+ }
+ }
+
+
+ public synchronized static void setIndent_char(String indent_char) {
+ prefs.put("indent_char", indent_char);
+ }
+
+
+ public synchronized static int getMax_preserve_newlines() {
+ return prefs.getInt("max_preserve_newlines", 5);
+ }
+
+
+ public synchronized static void setMax_preserve_newlines(int max_preserve_newlines) {
+ prefs.putInt("max_preserve_newlines", max_preserve_newlines);
+ }
+
+
+ public synchronized static boolean isPreserve_newlines() {
+ return getMax_preserve_newlines()!=-1;
+ }
+
+
+// public synchronized static void setPreserve_newlines(boolean preserve_newlines) {
+// prefs.putBoolean("preserve_newlines", preserve_newlines);
+// }
+
+
+ public synchronized static boolean isKeep_array_indentation() {
+ return prefs.getBoolean("keep_array_indentation", false);
+ }
+
+
+ public synchronized static void setKeep_array_indentation(
+ boolean keep_array_indentation) {
+ prefs.putBoolean("keep_array_indentation", keep_array_indentation);
+ }
+
+
+ public synchronized static boolean isBreak_chained_methods() {
+ return prefs.getBoolean("break_chained_methods", false);
+ }
+
+
+ public synchronized static void setBreak_chained_methods(boolean break_chained_methods) {
+ prefs.putBoolean("break_chained_methods", break_chained_methods);
+ }
+
+
+ public synchronized static boolean isSpace_after_anon_function() {
+ return prefs.getBoolean("space_after_anon_function", true);
+ }
+
+
+ public synchronized static void setSpace_after_anon_function(
+ boolean space_after_anon_function) {
+ prefs.putBoolean("space_after_anon_function", space_after_anon_function);
+ }
+
+
+ public synchronized static String getIndent_scripts() {
+ return prefs.get("indent_scripts", "nomral");
+ }
+
+
+ public synchronized static void setIndent_scripts(String indent_scripts) {
+ prefs.put("indent_scripts", indent_scripts);
+ }
+
+
+ public synchronized static String getBrace_style() {
+ return prefs.get("brace_style", "expand");
+ }
+
+
+ public synchronized static void setBrace_style(String brace_style) {
+ prefs.put("brace_style", brace_style);
+ }
+
+
+ public synchronized static boolean isSpace_before_conditional() {
+ return prefs.getBoolean("space_before_conditional", false);
+ }
+
+
+ public synchronized static void setSpace_before_conditional(
+ boolean space_before_conditional) {
+ prefs.putBoolean("space_before_conditional", space_before_conditional);
+ }
+
+
+ public synchronized static boolean isDetect_packers() {
+ return prefs.getBoolean("detect_packers", true);
+ }
+
+
+ public synchronized static void setDetect_packers(boolean detect_packers) {
+ prefs.putBoolean("detect_packers", detect_packers);
+ }
+
+
+ public synchronized static boolean isUnescape_strings() {
+ return prefs.getBoolean("unescape_strings", false);
+ }
+
+
+ public synchronized static void setUnescape_strings(boolean unescape_strings) {
+ prefs.putBoolean("unescape_strings", unescape_strings);
+ }
+
+
+ public synchronized static int getWrap_line_length() {
+ return prefs.getInt("wrap_line_length", 0);
+ }
+
+
+ public synchronized static void setWrap_line_length(int wrap_line_length) {
+ prefs.putInt("wrap_line_length", wrap_line_length);
+ }
+
+ public synchronized static boolean isBeautifyHeadersInManualMode() {
+ return prefs.getBoolean("isBeautifyHeadersInManualMode", false);
+ }
+
+ public static void setBeautifyHeadersInManualMode(boolean isBeautifyHeadersInManualMode) {
+ prefs.putBoolean("isBeautifyHeadersInManualMode", isBeautifyHeadersInManualMode);
+ }
+
+ public static boolean isAutomaticInAll() {
+ return prefs.getBoolean("isAutomaticInAll", false);
+ }
+
+ public static void setAutomaticInAll(boolean isAutomaticInAll) {
+ prefs.putBoolean("isAutomaticInAll", isAutomaticInAll);
+ }
+
+ public static void resetBeautifierPreferences(){
+ setAutomaticInProxy(false);
+ setRestrictedToScope(false);
+ setAutomaticInAll(false);
+ setBeautifyHeadersInManualMode(false);
+ setDebugMode(false);
+ setIndent_size(1);
+ setIndent_char("\\t");
+ setMax_preserve_newlines(5);
+ //setPreserve_newlines(true);
+ setKeep_array_indentation(false);
+ setBreak_chained_methods(false);
+ setSpace_after_anon_function(true);
+ setIndent_scripts("normal");
+ setBrace_style("expand");
+ setSpace_before_conditional(false);
+ setDetect_packers(true);
+ setUnescape_strings(false);
+ setWrap_line_length(0);
+ }
+
+
+}
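Review bot: The fallback in `getIndent_scripts()` is misspelled as `"nomral"`, while `resetBeautifierPreferences()` writes `"normal"`, so until a reset has stored the key the beautifier is presumably handed a value it does not recognise; the line should read `return prefs.get("indent_scripts", "normal");`. The same getter, together with `getIndent_char()` and `getBrace_style()`, returns whatever string is in the user preference node without checking it. In the JSBeautifierFunctions.java hunk on this page those three values are formatted into `'%s'` JavaScript literals and passed to `cx.evaluateString`, so a stored value containing a single quote changes the script that is evaluated rather than just a setting. Comparing the value against the fixed set of choices the settings UI offers (in the setter, the getter, or both) and falling back to the default otherwise would keep the preference store from influencing evaluated code.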
diff --git a/jsbeautifier/src/burp/JSBeautifier/JSBeautifierFunctions.java b/jsbeautifier/src/burp/JSBeautifier/JSBeautifierFunctions.java
new file mode 100644
index 0000000..720aa03
--- /dev/null
+++ b/jsbeautifier/src/burp/JSBeautifier/JSBeautifierFunctions.java
@@ -0,0 +1,560 @@
+package burp.JSBeautifier;
+
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.PrintWriter;
+import java.io.Reader;
+import java.io.SequenceInputStream;
+import java.io.UnsupportedEncodingException;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import javax.swing.JOptionPane;
+
+import org.mozilla.javascript.*;
+
+import burp.IBurpExtenderCallbacks;
+import burp.IHttpRequestResponse;
+import burp.JSBeautifier.UnicodeBOMInputStream.BOM;
+import burp.customGUI.ViewHighlightedTextForm;
+
+public class JSBeautifierFunctions {
+ private boolean isAutomatic = false; // Automatic or Manual ?
+ private final burp.IBurpExtenderCallbacks mCallbacks;
+ private final PrintWriter stdout;
+ private final PrintWriter stderr;
+ private String encoding = "UTF-8";
+ private static String beautifierJS = "";
+ private int msgType = -1;
+ private static ScriptableObject sharedScope;
+ private final static Pattern patternCDATA = Pattern.compile("(?i)^[\\s\\/\\*]*\\<\\!\\[CDATA\\["); // Fix Possible I need to check the response first!
+ if(msgType==1 && (isNormalPostMessage(requestHeaderAndBody[1]) || msgType==1 && isAutomatic)){
+ // It is a normal POST message and should not be beautified
+ msgType= 0;
+ }
+ }
+ }
+
+
+ switch(msgType){
+ case 3:
+ // Implementing the message type
+ request = messageInfo[0].getRequest();
+ response = messageInfo[0].getResponse();
+ // create array of Header and Body for Request and Response
+ requestHeaderAndBody = getHeaderAndBody(request);
+ responsetHeaderAndBody = getHeaderAndBody(response);
+ break;
+ case 2:
+ response = messageInfo[0].getResponse();
+ responsetHeaderAndBody = getHeaderAndBody(response);
+ break;
+ case 1:
+ request = messageInfo[0].getRequest();
+ requestHeaderAndBody = getHeaderAndBody(request);
+ break;
+ }
+
+ // Check the response content-type to be a valid text
+ if(msgType==2 || msgType==3){
+
+ if(!isValidContentType(responsetHeaderAndBody[0],responsetHeaderAndBody[1])){
+ // Content-Type is not valid, we need to ask the user for confirmation
+ int n = 1;
+ if(!isAutomatic){
+ String[] options = {"Yes, please continue ","No, please do not beautify the response"};
+ n = askConfirmMessage("Please choose an option:", "Response content-type has not been recognised, do you still want to run beautifier?",options);
+ }
+ if(n==1){
+ //No has been selected
+ if(msgType==2){
+ msgType = 0; // stop beautifying the response
+ return; // Exit
+ }else{
+ msgType = 1; // only beautify the request
+ }
+ }
+ }
+ }
+
+ switch(msgType){
+ case 3:
+ case 2:// It is a response
+ if(msgType==3){
+ // Request & Response
+ if(BeautifierPreferences.isBeautifyHeadersInManualMode()){
+ requestHeaderAndBody[0] = deCompress(requestHeaderAndBody[0]);
+ }
+ requestHeaderAndBody[1] = deCompress(requestHeaderAndBody[1]);
+ requestHeaderAndBody[0] = requestHeaderAndBody[0].replaceAll("(?im)^content\\-length:[\\ \\t\\d]+$", "Content-Length: "+requestHeaderAndBody[1].length());
+ }
+
+ if(isUnprotectedCSSFile(responsetHeaderAndBody[0],responsetHeaderAndBody[1])){
+ // If it is a CSS file, it needs to have a ";
+ responsetHeaderAndBody[1] = deCompress(responsetHeaderAndBody[1]);
+ responsetHeaderAndBody[1] = responsetHeaderAndBody[1].replace("", "");
+ }else if(isHtmlXmlFile(responsetHeaderAndBody[0],responsetHeaderAndBody[1])){
+ // If it is a HTML or XML file, it should be started with a valid tag
+ responsetHeaderAndBody[1] = ""+responsetHeaderAndBody[1];
+ responsetHeaderAndBody[1] = deCompress(responsetHeaderAndBody[1]);
+ responsetHeaderAndBody[1] = responsetHeaderAndBody[1].replace("", "");
+
+ // Fix possible streams =
+ Collections.enumeration(Arrays.asList(fileStreams));
+ Reader r = new InputStreamReader(new SequenceInputStream(streams), encoding);
+ char[] buf = new char[2048];
+ StringBuilder str = new StringBuilder();
+ while (true) {
+ int n = r.read(buf);
+ if (n < 0)
+ break;
+ str.append(buf, 0, n);
+ }
+ r.close();
+ beautifierJS = str.toString();
+ if (BeautifierPreferences.isDebugMode())
+ stdout.println("Javascript files have been loaded successfully.");
+ }catch(IOException errIO){
+ stderr.println("Error: IO error. Please check the required files: " + fileList.toString());
+ if (BeautifierPreferences.isDebugMode())
+ errIO.printStackTrace(stderr);
+ stderr.println("Unable to load the JavaScript files.");
+ }
+ }
+
+ // this is just a try to store this object in memory to increase performance after the first run
+
+ Context cx= Context.enter();
+ cx.setOptimizationLevel(-1);
+ cx.setLanguageVersion(Context.VERSION_DEFAULT);
+ if(sharedScope==null){
+ // Initialize the standard objects (Object, Function, etc.)
+ // This must be done before scripts can be executed.
+ sharedScope = cx.initStandardObjects(null, true);
+ // defining "global" will fix the bug in which we could not have access to beautifier main functions
+ cx.evaluateString(sharedScope, "var global = {};"+beautifierJS,"myBeautifier", 1, null);
+ }
+
+ // Add settings to beautifier
+ String beautifierSettingVars = "var indent_size = %d;";
+ beautifierSettingVars+="var indent_char = '%s';";
+ beautifierSettingVars+="var max_preserve_newlines = %d;";
+ beautifierSettingVars+="var preserve_newlines = %b;";
+ beautifierSettingVars+="var keep_array_indentation = %b;";
+ beautifierSettingVars+="var break_chained_methods = %b;";
+ beautifierSettingVars+="var space_after_anon_function = %b;";
+ beautifierSettingVars+="var indent_scripts = '%s';";
+ beautifierSettingVars+="var brace_style = '%s';";
+ beautifierSettingVars+="var space_before_conditional = %b;";
+ beautifierSettingVars+="var detect_packers = %b;";
+ beautifierSettingVars+="var unescape_strings = %b;";
+ beautifierSettingVars+="var wrap_line_length = %d;";
+
+ beautifierSettingVars = String.format(beautifierSettingVars,BeautifierPreferences.getIndent_size(),BeautifierPreferences.getIndent_char(),BeautifierPreferences.getMax_preserve_newlines(),BeautifierPreferences.isPreserve_newlines(),
+ BeautifierPreferences.isKeep_array_indentation(),BeautifierPreferences.isBreak_chained_methods(),BeautifierPreferences.isSpace_after_anon_function(),BeautifierPreferences.getIndent_scripts(),
+ BeautifierPreferences.getBrace_style(),BeautifierPreferences.isSpace_before_conditional(),BeautifierPreferences.isDetect_packers(),BeautifierPreferences.isUnescape_strings(),
+ BeautifierPreferences.getWrap_line_length());
+
+ cx.evaluateString(sharedScope, beautifierSettingVars, "beautifierSettingVars", 1, null);
+
+ // Now we can evaluate a script. Let's create a new object
+ // using the object literal notation
+
+ Object fObj = sharedScope.get("beautify", sharedScope);
+
+ if (!(fObj instanceof Function)) {
+ stderr.println("beautify is undefined or not a function.");
+ } else {
+ Object functionArgs[] = { strInput };
+ Function f = (Function)fObj;
+ Object result1 = f.call(cx, sharedScope, sharedScope, functionArgs);
+ finalResult = Context.toString(result1);
+// if(BeautifierPreferences.isDebugMode())
+// stdout.println("Result after beautifying= \r\n"+finalResult);
+ }
+
+ } catch (Exception e) {
+ if(BeautifierPreferences.isDebugMode())
+ e.printStackTrace(stderr);
+ }finally {
+ Context.exit();
+ }
+
+ // Adding BOM to the result
+ if(hasBOM){
+ finalResult = testBOMInput[0]+finalResult;
+ }
+ return finalResult;
+ }
+
+ // Show a message to the user
+ public void showMessage(String strMsg){
+ //mCallbacks.issueAlert(strMsg);
+ if(!isAutomatic || BeautifierPreferences.isDebugMode())
+ {
+ JOptionPane.showMessageDialog(null, strMsg);
+ }
+ stdout.println(strMsg);
+ }
+
+ // Common method to ask a multiple question
+ public Integer askConfirmMessage(String strTitle, String strQuestion, String[] msgOptions){
+ Object[] options = msgOptions;
+ int n = 0;
+ n = JOptionPane.showOptionDialog(null,
+ strQuestion,
+ strTitle,
+ JOptionPane.YES_NO_CANCEL_OPTION,
+ JOptionPane.QUESTION_MESSAGE,
+ null,
+ options,
+ options[0]);
+ return n;
+ }
+
+ // Split header and body of a request or response
+ private String[] getHeaderAndBody(byte[] fullMessage) throws UnsupportedEncodingException{
+ String[] result = {"",""};
+ String strFullMessage = "";
+ if(fullMessage != null){
+ // splitting the message to retrieve the header and the body
+ strFullMessage = new String(fullMessage,encoding);
+ if(strFullMessage.contains("\r\n\r\n"))
+ result = strFullMessage.split("\r\n\r\n",2);
+ }
+ return result;
+ }
+
+ // Read the Content-Type value from the header
+ private String findHeaderContentType(String strHeader){
+ String contentType="";
+ if(!strHeader.equals("")){
+ Pattern MY_PATTERN = Pattern.compile("(?im)^content-type:([\\ \\w\\/\\-\\_\\,]*)"); // just in case, it also includes ",_ "
+ Matcher m = MY_PATTERN.matcher(strHeader);
+ if (m.find()) {
+ contentType = m.group(1);
+ }
+ }
+ return contentType;
+ }
+
+ // Check to see if it is a CSS file to protect it from being corrupted
+ private boolean isUnprotectedCSSFile(String strHeader, String strBody){
+ boolean result = false;
+ // Check if it is a CSS file to prevent from being checked as a JS file
+ if(!strHeader.equals("") && !strBody.equals("")){
+ if(findHeaderContentType(strHeader).toLowerCase().contains("css")){
+ String startwithStyleTagRegex = "(?i)^[\\s]*\\]+";
+ if(!strBody.matches(startwithStyleTagRegex)){
+ result = true; // It does not start with any