Interface ExtensionGeneratedAuditInsertionPoint

  • All Known Subinterfaces:
    AuditInsertionPoint

    public interface ExtensionGeneratedAuditInsertionPoint
    This interface defines an insertion point for use by scan checks. Extensions can create instances for use by Burp's own scan checks by registering an AuditInsertionPointProvider.
    • Method Summary

      Modifier and Type Method Description
      java.lang.String baseValue()
      This method returns the base value for this insertion point.
      ByteArray buildHttpMessageWithPayload(ByteArray payload)
      This method is used to build a request with the specified payload placed into the insertion point.
      java.util.List<Range> issueHighlights(ByteArray payload)
      This method is used to determine the offsets of the payload value within the request, when it is placed into the insertion point.
      java.lang.String name()
      This method returns the name of this insertion point.
    • Method Detail

      • name

        java.lang.String name()
        This method returns the name of this insertion point.
        Returns:
        The name of this insertion point (for example, a description of a particular request parameter).
      • baseValue

        java.lang.String baseValue()
        This method returns the base value for this insertion point.
        Returns:
        The base value that appears in this insertion point in the base request being audited, or null if there is no value in the base request that corresponds to this insertion point.
      • buildHttpMessageWithPayload

        ByteArray buildHttpMessageWithPayload(ByteArray payload)
        This method is used to build a request with the specified payload placed into the insertion point. Extension-provided insertion points are not required to adjust the Content-Length header in requests if the body length has changed, although Burp-provided insertion points will always do this and will return a request with a valid Content-Length header. Note: Scan checks should submit raw, non-encoded payloads to insertion points; the insertion point is responsible for performing any data encoding that is necessary given the nature and location of the insertion point.
        Parameters:
        payload - The payload that should be placed into the insertion point.
        Returns:
        The resulting request.
      • issueHighlights

        java.util.List<Range> issueHighlights(ByteArray payload)
        This method is used to determine the offsets of the payload value within the request, when it is placed into the insertion point. Scan checks may invoke this method when reporting issues, so as to highlight the relevant part of the request within the UI.
        Parameters:
        payload - The payload that should be placed into the insertion point.
        Returns:
        A list of Range objects containing the start and end offsets of the payload within the request, or an empty list if this is not applicable (for example, where the insertion point places a payload into a serialized data structure, the raw payload may not literally appear anywhere within the resulting request).
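
The encoding, Content-Length and highlight-offset behaviour described for buildHttpMessageWithPayload and issueHighlights, shown as an added example that is not part of the Burp API documentation. It uses plain byte[] and int[] in place of ByteArray and Range; the class name FormParamInsertionPoint, its constructor and the sample request are constructed for this illustration.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

// Hypothetical helper (not a Montoya type): a URL-encoded body parameter as an insertion point.
public class FormParamInsertionPoint {
    private final String headers;     // request line and headers, CRLF-separated, no trailing blank line
    private final String bodyPrefix;  // body text before the value, e.g. "q="
    private final String baseValue;   // decoded value in the base request
    private final String bodySuffix;  // body text after the value

    FormParamInsertionPoint(String headers, String bodyPrefix, String baseValue, String bodySuffix) {
        this.headers = headers; this.bodyPrefix = bodyPrefix;
        this.baseValue = baseValue; this.bodySuffix = bodySuffix;
    }

    public String name() { return "URL-encoded body parameter"; }
    public String baseValue() { return baseValue; }

    // Scan checks pass raw payload bytes; encoding for this location is done here.
    private static String encode(byte[] payload) {
        String raw = new String(payload, StandardCharsets.ISO_8859_1); // one char per byte
        return URLEncoder.encode(raw, StandardCharsets.ISO_8859_1);
    }

    // Headers with Content-Length rewritten for the new body, plus the blank line.
    private String head(String body) {
        int len = body.getBytes(StandardCharsets.ISO_8859_1).length;
        return headers.replaceAll("(?im)^Content-Length:[^\\r\\n]*", "Content-Length: " + len) + "\r\n\r\n";
    }

    public byte[] buildHttpMessageWithPayload(byte[] payload) {
        String body = bodyPrefix + encode(payload) + bodySuffix;
        return (head(body) + body).getBytes(StandardCharsets.ISO_8859_1);
    }

    // Start (inclusive) and end (exclusive) offsets of the encoded payload in the built request.
    public int[] issueHighlights(byte[] payload) {
        String enc = encode(payload);
        int start = head(bodyPrefix + enc + bodySuffix).length() + bodyPrefix.length();
        return new int[] { start, start + enc.length() };
    }

    public static void main(String[] args) {
        var ip = new FormParamInsertionPoint( // constructed sample request
            "POST /search HTTP/1.1\r\nHost: example.test\r\nContent-Length: 14", "q=", "shoes", "&page=1");
        byte[] payload = "a b&c".getBytes(StandardCharsets.ISO_8859_1);
        byte[] req = ip.buildHttpMessageWithPayload(payload);
        int[] r = ip.issueHighlights(payload);
        System.out.println(new String(req, StandardCharsets.ISO_8859_1));
        System.out.println("highlighted: " + new String(req, r[0], r[1] - r[0], StandardCharsets.ISO_8859_1));
    }
}
```

An insertion point whose encoding leaves no literal trace of the payload in the request (the serialized-data case mentioned above) would return an empty list from issueHighlights instead of computing offsets.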