search

PortSwigger / burp-extensions-montoya-api

Burp Extensions Api
Other
139 stars 5 forks source link

Method withUpdatedParameters() doesn't work as expected #44

Closed ByQwert closed 1 year ago

ByQwert commented 1 year ago

Hello,

Seems like withUpdatedParameters() method doesn't work as described in the documentation. image Namely it doesn't add a new parameter If a parameter doesn't exist in the request.

The following code used during the test:

class MyExtensionProvidedHttpRequestEditor implements ExtensionProvidedHttpRequestEditor {
    [...]
    @Override
    public void setRequestResponse(HttpRequestResponse requestResponse) {
        HttpRequest customTabRequest;

        this.requestResponse = requestResponse;        

        // Updates existent parameter
        customTabRequest = requestResponse.request().withUpdatedParameters(HttpParameter.parameter("getParam", "getValue", HttpParameterType.valueOf("URL")));

        // Doesn't add non-existent parameter
        // customTabRequest = requestResponse.request().withUpdatedParameters(HttpParameter.parameter("getParam2", "getValue2", HttpParameterType.valueOf("URL")));

        this.requestEditor.setRequest(customTabRequest);
    }

    @Override
    public HttpRequest getRequest() {
        HttpRequest request;

        // Updates existent parameter
        request = requestEditor.getRequest().withUpdatedParameters(HttpParameter.parameter("getParam", "getValue", HttpParameterType.valueOf("URL")));

        // Doesn't add non-existent parameter
        // request = requestEditor.getRequest().withUpdatedParameters(HttpParameter.parameter("getParam2", "getValue2", HttpParameterType.valueOf("URL")));

        return request;
    }
    [...]
}
nollium commented 1 year ago

+1

withUpdatedHeader() doesn't create the header either.

There should be a way for all the withUpdated... functions to add the thing if it doesn't exist, maybe by passing a "createIfNotExist" flag ?

SeanBurnsUK commented 1 year ago

We will update the javadoc, it is incorrect.

We will be adding 2 new methods to request to accommodate this requirement.

withHeader() and withParameter()

these methods will do the add or update logic (and are inline with the other methods that do the same.. withMethod, withService etc)