
Comments (3)

dnet commented on June 15, 2024

Just show me a single one that provides such an option that initiates an active scan on the current request focusing on the single vulnerability class targeted by the extension.

from burp-log4shell.

dnet commented on June 15, 2024

I'm sorry, but given the current set of APIs available for Extender plugins, that's just plain impossible. Your code snippets hide the problematic part as ... in self._extender.doActiveScan(...); as IScannerCheck.doActiveScan expects (and in most cases, including this plugin as well, uses) a second parameter with an insertion point (an object that implements IScannerInsertionPoint).

So first of all, doActiveScan is called not just for a single scan, but once for each insertion point. And there's just no API provided to actually get all those insertion points by an Extender plugin. Try searching for IScannerInsertionPoint in the Burp Extender API documentation and you'll find that your average plugin can only interact with such objects in three cases.

  • You get one if you're a scanner check, just as I described above. This is how Active scan works, they call you, never the other way around.
  • You provide such insertion points to the active scanner and it calls all the other scanner checks with those provided by you included in the set. Again, the data flow is unidirectional, you don't get to ask Burp to collect and provide those insertion points for you.
  • You create one manually with makeScannerInsertionPoint, however, you have to figure out how to parse its location and what encoding to use. Even the official API documentation states:

    "It can be used to quickly create a simple insertion point based on a fixed payload location within a base request."

So AFAIK what you ask for is impossible, or to put it in another way, making it possible is just not worth it. You'd have to implement half of the built-in active scanner to implement the code that's already there, it's just inaccessible to your average extension. Another, contrived way would be doing such a version where the user has to select the part manually (like in Intruder) and specify encoding explicitly.

Please only reopen this if you have information that disproves any of the above. If you'd like to do the reimplementation part, feel free to submit a PR.

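The manual-selection variant described in the comment above, as an added example that is not code from burp-log4shell or from either commenter: a context-menu factory for the legacy Extender API that turns the user's selection in a request into a fixed-offset insertion point with makeScannerInsertionPoint and hands it to the extension's own IScannerCheck. The class name SelectionScanMenu, the insertion point name and the menu label are assumptions.

```java
package burp;

import java.util.Collections;
import java.util.List;
import javax.swing.JMenuItem;

// Added example (not burp-log4shell code), written against the legacy Burp Extender API.
// Register with: callbacks.registerContextMenuFactory(new SelectionScanMenu(callbacks, check));
public class SelectionScanMenu implements IContextMenuFactory {
    private final IBurpExtenderCallbacks callbacks;
    private final IScannerCheck check; // the extension's own single-class check

    public SelectionScanMenu(IBurpExtenderCallbacks callbacks, IScannerCheck check) {
        this.callbacks = callbacks;
        this.check = check;
    }

    @Override
    public List<JMenuItem> createMenuItems(IContextMenuInvocation inv) {
        byte ctx = inv.getInvocationContext();
        boolean inRequest = ctx == IContextMenuInvocation.CONTEXT_MESSAGE_EDITOR_REQUEST
                || ctx == IContextMenuInvocation.CONTEXT_MESSAGE_VIEWER_REQUEST;
        int[] sel = inv.getSelectionBounds();
        IHttpRequestResponse[] msgs = inv.getSelectedMessages();
        // Offsets only make sense for a non-empty selection inside exactly one request.
        if (!inRequest || sel == null || sel[0] == sel[1] || msgs == null || msgs.length != 1) {
            return Collections.emptyList();
        }
        JMenuItem item = new JMenuItem("Run check on selected bytes");
        // The check sends requests, so keep it off the Swing event thread.
        item.addActionListener(e -> new Thread(() -> scan(msgs[0], sel[0], sel[1])).start());
        return Collections.singletonList(item);
    }

    private void scan(IHttpRequestResponse base, int from, int to) {
        // Fixed-offset insertion point: Burp does no parsing here, so the selection
        // must cover exactly the bytes to replace and encoding is left to the check.
        IScannerInsertionPoint point = callbacks.getHelpers().makeScannerInsertionPoint(
                "user selection", base.getRequest(), from, to);
        List<IScanIssue> issues = check.doActiveScan(base, point);
        if (issues != null) {
            for (IScanIssue issue : issues) {
                callbacks.addScanIssue(issue);
            }
        }
    }
}
```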

Regala commented on June 15, 2024

