Access to requests in Repeater tabs

PortSwigger / burp-extensions-montoya-api

Burp Extensions Api

Other

125 stars 3 forks source link

Access to requests in Repeater tabs #10

Open takeshixx opened 1 year ago

takeshixx commented 1 year ago

Currently, the site map and proxy history are accessible via:

[history()](https://portswigger.github.io/burp-extensions-montoya-api/javadoc/burp/api/montoya/proxy/Proxy.html#history()) in Proxy
[requestResponses()](https://portswigger.github.io/burp-extensions-montoya-api/javadoc/burp/api/montoya/sitemap/SiteMap.html#requestResponses()) in SiteMap

It would be nice to have something similar that allows to access requests/responses in all Repeater tabs. AFAIK to only way to extract them at the moment is to manually add each requests in Repeater to the site map.

The Repeater requests are available in the Logger tool as well. However, I have not found any way to access this via the API. This might also be a great way to allow access to all requests in Burp Suite via extensions.

Additionally, something similar for Intruder would be great.

SeanBurnsUK commented 1 year ago

Thanks for the feedback.

We do have plans to add functionality that exposes data in the burp tools. So keep an eye out for that.

nollium commented 1 year ago

I guess one way you could do this right now would be adding a disabled ExtensionProvidedEditor and storing all the request being passed to isEnabledFor(HttpRequestResponse requestResponse) ?

takeshixx commented 1 year ago

Thanks for the hint. I played around with that but the problem is, this will only catch requests as they are sent, right? I'm looking for a way to get these out of a project file.

nollium commented 1 year ago

No, my solution should catch all HttpRequestResponse that are opened in an editor, the isEnabledFor method is used by ExtensionProvidedEditor-s to choose when to display the extension's editor, and it will be called when the editor constructs (i.e., at startup or tab creation)

You are thinking of a Proxy intercept, which operates at the Proxy level while my trick operates at the editor level.

Obviously this is super hacky and a real feature would be best.

rahulr311295 commented 4 days ago

String invocationType = event.invocationType().toString();
   if (invocationType == "MESSAGE_EDITOR_REQUEST") {
                    api.logging().raiseInfoEvent("Invocation Type: " + invocationType);
                    event.messageEditorRequestResponse().ifPresent(requestResponse -> {
                    HttpRequestResponse httpRequestResponse = requestResponse.requestResponse();
                    HttpRequest selectedRequest = httpRequestResponse.request();
                    HttpResponse selectedResponse = httpRequestResponse.response();
                    Main.this.getDatafromRepeater(selectedRequest, selectedResponse);

Here is a cheapfix i did hope it helps burp.api.montoya.ui.contextmenu