Suggestion: function to set markers (highlights) in response and request editors

[serkonda7]

I want to replicate the highlights functionality of the issue activity (see image) for custom editors created via API:

Nothing the API offers sounds like it would fulfill this task.

Therefore i suggest adding a new function to Editor interface: setHighlights(highlights: List<Marker>)

[Hannah-PortSwigger]

Hi.

The functionality to mark requests associated with issues this way is already available. This is referred to as "Marker" within the Montoya API.

Markers are not displayed in the regular editor.

[serkonda7]

Markers are not displayed in the regular editor.

Why tho? That's exactly what I want to do. Use Markers in my custom UI with a editor created by the API.

[Hannah-PortSwigger]

Markers are used in specific places within Burp. For example, as part of raised issues, part of the Scanner, or part of Intruder.

If you would like to have highlighted text as part of your message editor, you would need to use setSearchExpression() on the editor to match with the specific text that you wish to highlight.

[serkonda7]

Thanks for the suggested workaround. Tho I think this is not clear from the available documentation

[Hannah-PortSwigger]

Thanks for the feedback. We'll look into whether there are any ways we can adjust the current documentation to make this clearer.

If there's anything else we can help with, then please let us know.

[joanlopez]

Hey @Hannah-PortSwigger,

Why not add support for Markers highlighting to HttpRequestEditor and HttpResponseEditor that you can create with api.userInterface().createHttpRequestEditor and api.userInterface().createHttpResponseEditor?

The setSearchExpression suggested solution only works partially, but what if I want to highlight more than one different thing? Any chance of including such a feature in the editors exposed by the Montoya API? Any alternative to achieve that goal?

Thanks!

[Hannah-PortSwigger]

Hi @joanlopez

We have an ongoing feature request for this functionality, to which I have added your +1.

If a user selects the "Regex" option as part of their settings for the search expression, then you can use a regular expression to search for multiple results - not the cleanest way to go about it, but if this is important functionality for you then this could be a potential workaround.

[joanlopez]

We have an ongoing feature request for this functionality, to which I have added your +1.

Yes, please! Do you have any approximate ETA?

If a user selects the "Regex" option as part of their settings for the search expression, then you can use a regular expression to search for multiple results - not the cleanest way to go about it, but if this is important functionality for you then this could be a potential workaround.

Yeah, I found that workaround in another issue. It temporarily works, but it kinda conflicts with the use of search, because if the user modifies the value (wants to search other stuff), they lose the highlights and also cannot go back to the previous value (regex to match them all).

So, definitely looking for that feature.

Thanks!

[Hannah-PortSwigger]

Do you have any approximate ETA?

We don't have an ETA for this functionality. We're currently monitoring the popularity of this feature request.

If there's anything else we can help with, then please let us know 😊

[the-cartographer]

Hey @Hannah-PortSwigger 👋

Just adding another +1 to adjusting the documentation and making it clearer where withMarkers works would be a big help if possible 🙏

I just wasted invested ~2 hours learning the hard way that

• A custom ProxyResponseHandler can't be used to highlight interesting portions of response(s) like I thought it could
• Trying to work around this using api().organizer().sendToOrganizer(HttpRequestResponse myWorkaround) doesn't help either

Thanks!

[Hannah-PortSwigger]

@the-cartographer Thanks for the feedback. We've added your +1 to this feature request as well.

If there's anything else we can help with, then please let us know.