
Commit c9d2fb5

committed
- Bug fixes (insertion point and URL and Cookie insertions)
1 parent 795f0ed commit c9d2fb5

1 file changed

Lines changed: 10 additions & 10 deletions


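--- a/src/burp/BurpExtender.java
+++ b/src/burp/BurpExtender.java
@@ -332,7 +332,7 @@ public List<IScanIssue> doPassiveScan(IHttpRequestResponse baseRequestResponse)
 
 @Override
 public List<IScanIssue> doActiveScan(IHttpRequestResponse baseRequestResponse, IScannerInsertionPoint insertionPoint) {
-
+
 List<IScanIssue> issues = new ArrayList<IScanIssue>();
 
 // Full body insertion point
@@ -342,7 +342,7 @@ public List<IScanIssue> doActiveScan(IHttpRequestResponse baseRequestResponse, I
 int magicPos = helpers.indexOf(request, serializeMagic, false, 0, request.length);
 int magicPosBase64 = helpers.indexOf(request, base64Magic, false, 0, request.length);
 
-if(magicPos > -1 || magicPosBase64 > -1) {
+if((magicPos > -1 && magicPos >= bodyOffset) || (magicPosBase64 > -1 && magicPosBase64 >= bodyOffset)) {
 
 List<String> headers = requestInfo.getHeaders();
 
@@ -356,7 +356,7 @@ public List<IScanIssue> doActiveScan(IHttpRequestResponse baseRequestResponse, I
 byte[] newBody = null;
 if(magicPos > -1) {
 // Put directly the payload
-newBody = ArrayUtils.addAll(Arrays.copyOfRange(request, bodyOffset, magicPos),payloads.get(currentKey));
+newBody = ArrayUtils.addAll(Arrays.copyOfRange(request, bodyOffset, magicPos),payloads.get(currentKey));
 } else {
 // Encode the payload in Base64
 newBody = ArrayUtils.addAll(Arrays.copyOfRange(request, bodyOffset, magicPosBase64),Base64.encodeBase64URLSafe(payloads.get(currentKey)));
@@ -630,8 +630,8 @@ public void insertInjectionCharacters() {
 
 highlighter.removeAllHighlights();
 
-String requestString = requestArea.getText().trim();
-
+String requestString = requestArea.getText();
+
 String newRequestString = requestString.substring(0, start) + insertionPointChar + requestString.substring(start, end) + insertionPointChar + requestString.substring(end, requestString.length());
 
 requestArea.setText(newRequestString);
@@ -653,18 +653,18 @@ public void executeManualTest(boolean base64) {
 attackButton.setEnabled(false);
 attackBase64Button.setEnabled(false);
 
-String requestString = requestArea.getText().trim();
+String requestString = requestArea.getText();
 int payloadFrom = requestString.indexOf(insertionPointChar);
 int payloadTo = requestString.lastIndexOf(insertionPointChar);
-
+
 boolean positiveResult = false;
 
 if(payloadFrom != payloadTo) {
 
 IHttpService httpService = helpers.buildHttpService(host.getText().trim(), Integer.parseInt(port.getText().trim()), useHttps.isSelected());
-
-byte[] prePayloadRequest = Arrays.copyOfRange(requestString.getBytes(), 0, payloadFrom);
-byte[] postPayloadRequest = Arrays.copyOfRange(requestString.getBytes(), payloadTo+1, requestString.getBytes().length);
+
+byte[] prePayloadRequest = requestString.substring(0, payloadFrom).getBytes();
+byte[] postPayloadRequest = requestString.substring(payloadTo+1,requestString.length()).getBytes();
 
 Set<String> payloadKeys = payloads.keySet();
 Iterator<String> iter = payloadKeys.iterator();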
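Review bot: The inner test at file line 357, `if(magicPos > -1)`, was left unchanged and no longer agrees with the new guard at line 345. When the raw magic bytes are found only before `bodyOffset` and the Base64 magic is in the body, the outer condition passes and the raw branch is still taken. `Arrays.copyOfRange(request, bodyOffset, magicPos)` is then called with `from > to` and throws `IllegalArgumentException`, which presumably aborts the check for that request. Change the inner test to `if(magicPos >= bodyOffset)`, or start both searches at the body with `helpers.indexOf(request, serializeMagic, false, bodyOffset, request.length)`, which also finds a body occurrence that an earlier header match currently hides. `doActiveScan` begins and ends outside the visible hunks, so this assumes `bodyOffset` is assigned before line 342.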
