Package burp

Interface IScannerInsertionPoint


  • public interface IScannerInsertionPoint
    This interface is used to define an insertion point for use by active Scanner checks. Extensions can obtain instances of this interface by registering an IScannerCheck, or can create instances for use by Burp's own scan checks by registering an IScannerInsertionPointProvider.
    • Field Summary

      Fields 
      Modifier and Type Field Description
      static byte INS_ENTIRE_BODY
      Used to indicate where the payload is inserted into the body of the HTTP request.
      static byte INS_EXTENSION_PROVIDED
      Used to indicate where the insertion point is provided by an extension-registered IScannerInsertionPointProvider.
      static byte INS_HEADER
      Used to indicate where the payload is inserted into the value of an HTTP request header.
      static byte INS_PARAM_AMF
      Used to indicate where the payload is inserted into the value of an AMF parameter.
      static byte INS_PARAM_BODY
      Used to indicate where the payload is inserted into the value of a body parameter.
      static byte INS_PARAM_COOKIE
      Used to indicate where the payload is inserted into the value of an HTTP cookie.
      static byte INS_PARAM_JSON
      Used to indicate where the payload is inserted into the value of an item of data within a JSON structure.
      static byte INS_PARAM_MULTIPART_ATTR
      Used to indicate where the payload is inserted into the value of a parameter attribute within a multi-part message body (such as the name of an uploaded file).
      static byte INS_PARAM_NAME_BODY
      Used to indicate where the payload is inserted into the name of an added body parameter.
      static byte INS_PARAM_NAME_URL
      Used to indicate where the payload is inserted into the name of an added URL parameter.
      static byte INS_PARAM_URL
      Used to indicate where the payload is inserted into the value of a URL parameter.
      static byte INS_PARAM_XML
      Used to indicate where the payload is inserted into the value of an item of data within an XML data structure.
      static byte INS_PARAM_XML_ATTR
      Used to indicate where the payload is inserted into the value of a tag attribute within an XML structure.
      static byte INS_UNKNOWN
      Used to indicate where the payload is inserted at an unknown location within the request.
      static byte INS_URL_PATH_FILENAME
      Used to indicate where the payload is inserted into the URL path filename.
      static byte INS_URL_PATH_FOLDER
      Used to indicate where the payload is inserted into a URL path folder.
      static byte INS_URL_PATH_REST
      Deprecated.
      static byte INS_USER_PROVIDED
      Used to indicate where the payload is inserted at a location manually configured by the user.
    • Method Summary

      Modifier and Type Method Description
      byte[] buildRequest(byte[] payload)
      This method is used to build a request with the specified payload placed into the insertion point.
      java.lang.String getBaseValue()
      This method returns the base value for this insertion point.
      java.lang.String getInsertionPointName()
      This method returns the name of the insertion point.
      byte getInsertionPointType()
      This method returns the type of the insertion point.
      int[] getPayloadOffsets(byte[] payload)
      This method is used to determine the offsets of the payload value within the request, when it is placed into the insertion point.
    • Field Detail

      • INS_PARAM_URL

        static final byte INS_PARAM_URL
        Used to indicate where the payload is inserted into the value of a URL parameter.
        See Also:
        Constant Field Values
      • INS_PARAM_BODY

        static final byte INS_PARAM_BODY
        Used to indicate where the payload is inserted into the value of a body parameter.
        See Also:
        Constant Field Values
      • INS_PARAM_COOKIE

        static final byte INS_PARAM_COOKIE
        Used to indicate where the payload is inserted into the value of an HTTP cookie.
        See Also:
        Constant Field Values
      • INS_PARAM_XML

        static final byte INS_PARAM_XML
        Used to indicate where the payload is inserted into the value of an item of data within an XML data structure.
        See Also:
        Constant Field Values
      • INS_PARAM_XML_ATTR

        static final byte INS_PARAM_XML_ATTR
        Used to indicate where the payload is inserted into the value of a tag attribute within an XML structure.
        See Also:
        Constant Field Values
      • INS_PARAM_MULTIPART_ATTR

        static final byte INS_PARAM_MULTIPART_ATTR
        Used to indicate where the payload is inserted into the value of a parameter attribute within a multi-part message body (such as the name of an uploaded file).
        See Also:
        Constant Field Values
      • INS_PARAM_JSON

        static final byte INS_PARAM_JSON
        Used to indicate where the payload is inserted into the value of an item of data within a JSON structure.
        See Also:
        Constant Field Values
      • INS_PARAM_AMF

        static final byte INS_PARAM_AMF
        Used to indicate where the payload is inserted into the value of an AMF parameter.
        See Also:
        Constant Field Values
      • INS_HEADER

        static final byte INS_HEADER
        Used to indicate where the payload is inserted into the value of an HTTP request header.
        See Also:
        Constant Field Values
      • INS_URL_PATH_FOLDER

        static final byte INS_URL_PATH_FOLDER
        Used to indicate where the payload is inserted into a URL path folder.
        See Also:
        Constant Field Values
      • INS_URL_PATH_REST

        @Deprecated
        static final byte INS_URL_PATH_REST
        Deprecated.
        Used to indicate where the payload is inserted into a URL path folder. This is now deprecated; use INS_URL_PATH_FOLDER instead.
        See Also:
        Constant Field Values
      • INS_PARAM_NAME_URL

        static final byte INS_PARAM_NAME_URL
        Used to indicate where the payload is inserted into the name of an added URL parameter.
        See Also:
        Constant Field Values
      • INS_PARAM_NAME_BODY

        static final byte INS_PARAM_NAME_BODY
        Used to indicate where the payload is inserted into the name of an added body parameter.
        See Also:
        Constant Field Values
      • INS_ENTIRE_BODY

        static final byte INS_ENTIRE_BODY
        Used to indicate where the payload is inserted into the body of the HTTP request.
        See Also:
        Constant Field Values
      • INS_URL_PATH_FILENAME

        static final byte INS_URL_PATH_FILENAME
        Used to indicate where the payload is inserted into the URL path filename.
        See Also:
        Constant Field Values
      • INS_USER_PROVIDED

        static final byte INS_USER_PROVIDED
        Used to indicate where the payload is inserted at a location manually configured by the user.
        See Also:
        Constant Field Values
      • INS_EXTENSION_PROVIDED

        static final byte INS_EXTENSION_PROVIDED
        Used to indicate where the insertion point is provided by an extension-registered IScannerInsertionPointProvider.
        See Also:
        Constant Field Values
      • INS_UNKNOWN

        static final byte INS_UNKNOWN
        Used to indicate where the payload is inserted at an unknown location within the request.
        See Also:
        Constant Field Values
    • Method Detail

      • getInsertionPointName

        java.lang.String getInsertionPointName()
        This method returns the name of the insertion point.
        Returns:
        The name of the insertion point (for example, a description of a particular request parameter).
      • getBaseValue

        java.lang.String getBaseValue()
        This method returns the base value for this insertion point.
        Returns:
        The base value that appears in this insertion point in the base request being scanned, or null if there is no value in the base request that corresponds to this insertion point.
      • buildRequest

        byte[] buildRequest(byte[] payload)
        This method is used to build a request with the specified payload placed into the insertion point. There is no requirement for extension-provided insertion points to adjust the Content-Length header in requests if the body length has changed, although Burp-provided insertion points will always do this and will return a request with a valid Content-Length header.
        Note: Scan checks should submit raw non-encoded payloads to insertion points, and the insertion point has responsibility for performing any data encoding that is necessary given the nature and location of the insertion point.
        Parameters:
        payload - The payload that should be placed into the insertion point.
        Returns:
        The resulting request.
      • getPayloadOffsets

        int[] getPayloadOffsets(byte[] payload)
        This method is used to determine the offsets of the payload value within the request, when it is placed into the insertion point. Scan checks may invoke this method when reporting issues, so as to highlight the relevant part of the request within the UI.
        Parameters:
        payload - The payload that should be placed into the insertion point.
        Returns:
        An int[2] array containing the start and end offsets of the payload within the request, or null if this is not applicable (for example, where the insertion point places a payload into a serialized data structure, the raw payload may not literally appear anywhere within the resulting request).
      • getInsertionPointType

        byte getInsertionPointType()
        This method returns the type of the insertion point.
        Returns:
        The type of the insertion point. Available types are defined in this interface.
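
An added example, not part of the Burp API documentation or PortSwigger's code: an extension-provided insertion point for a value that travels Base64-encoded, showing buildRequest performing the encoding itself and getPayloadOffsets returning null because the raw payload never appears literally in the request. The class name Base64InsertionPoint, the start/end offsets passed to the constructor, and the assumption that the target accepts standard Base64 without further URL-encoding are hypothetical; the class compiles against the Burp Extender API interfaces.

```java
package burp;

import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;

// Hypothetical class: wraps a Base64-encoded value found at [start, end) in the base request.
public class Base64InsertionPoint implements IScannerInsertionPoint {
    private final byte[] prefix;    // request bytes before the encoded value
    private final byte[] suffix;    // request bytes after the encoded value
    private final String baseValue; // decoded value from the base request

    // Throws IllegalArgumentException if the bytes at [start, end) are not valid
    // Base64; the registering provider should catch that and skip the location.
    public Base64InsertionPoint(byte[] baseRequest, int start, int end) {
        this.prefix = Arrays.copyOfRange(baseRequest, 0, start);
        this.suffix = Arrays.copyOfRange(baseRequest, end, baseRequest.length);
        byte[] encoded = Arrays.copyOfRange(baseRequest, start, end);
        this.baseValue = new String(Base64.getDecoder().decode(encoded),
                                    StandardCharsets.ISO_8859_1);
    }

    @Override
    public String getInsertionPointName() { return "Base64-wrapped value"; }

    @Override
    public String getBaseValue() { return baseValue; }

    @Override
    public byte[] buildRequest(byte[] payload) {
        // Scan checks hand over the raw payload; encoding is this class's job.
        byte[] encoded = Base64.getEncoder().encode(payload);
        byte[] request = new byte[prefix.length + encoded.length + suffix.length];
        System.arraycopy(prefix, 0, request, 0, prefix.length);
        System.arraycopy(encoded, 0, request, prefix.length, encoded.length);
        System.arraycopy(suffix, 0, request, prefix.length + encoded.length, suffix.length);
        // Content-Length is left untouched, which is permitted for extension-provided
        // insertion points; if the value sits in the body, the header is now stale.
        return request;
    }

    @Override
    public int[] getPayloadOffsets(byte[] payload) {
        return null; // the raw payload does not appear literally in the request
    }

    @Override
    public byte getInsertionPointType() { return INS_EXTENSION_PROVIDED; }
}
```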