burp
Interface IScannerInsertionPoint


public interface IScannerInsertionPoint

This interface is used to define an insertion point for use by active Scanner checks. Extensions can obtain instances of this interface by registering an IScannerCheck, or can create instances for use by Burp's own scan checks by registering an IScannerInsertionPointProvider.


Field Summary
static byte INS_ENTIRE_BODY
          Used to indicate where the payload is inserted into the body of the HTTP request.
static byte INS_EXTENSION_PROVIDED
          Used to indicate where the insertion point is provided by an extension-registered IScannerInsertionPointProvider.
static byte INS_HEADER
          Used to indicate where the payload is inserted into the value of an HTTP request header.
static byte INS_PARAM_AMF
          Used to indicate where the payload is inserted into the value of an AMF parameter.
static byte INS_PARAM_BODY
          Used to indicate where the payload is inserted into the value of a body parameter.
static byte INS_PARAM_COOKIE
          Used to indicate where the payload is inserted into the value of an HTTP cookie.
static byte INS_PARAM_JSON
          Used to indicate where the payload is inserted into the value of an item of data within a JSON structure.
static byte INS_PARAM_MULTIPART_ATTR
          Used to indicate where the payload is inserted into the value of a parameter attribute within a multi-part message body (such as the name of an uploaded file).
static byte INS_PARAM_NAME_BODY
          Used to indicate where the payload is inserted into the name of an added body parameter.
static byte INS_PARAM_NAME_URL
          Used to indicate where the payload is inserted into the name of an added URL parameter.
static byte INS_PARAM_URL
          Used to indicate where the payload is inserted into the value of a URL parameter.
static byte INS_PARAM_XML
          Used to indicate where the payload is inserted into the value of an item of data within an XML data structure.
static byte INS_PARAM_XML_ATTR
          Used to indicate where the payload is inserted into the value of a tag attribute within an XML structure.
static byte INS_UNKNOWN
          Used to indicate where the payload is inserted at an unknown location within the request.
static byte INS_URL_PATH_FILENAME
          Used to indicate where the payload is inserted into the URL path filename.
static byte INS_URL_PATH_FOLDER
          Used to indicate where the payload is inserted into a URL path folder.
static byte INS_URL_PATH_REST
          Deprecated. 
static byte INS_USER_PROVIDED
          Used to indicate where the payload is inserted at a location manually configured by the user.
 
Method Summary
 byte[] buildRequest(byte[] payload)
          This method is used to build a request with the specified payload placed into the insertion point.
 java.lang.String getBaseValue()
          This method returns the base value for this insertion point.
 java.lang.String getInsertionPointName()
          This method returns the name of the insertion point.
 byte getInsertionPointType()
          This method returns the type of the insertion point.
 int[] getPayloadOffsets(byte[] payload)
          This method is used to determine the offsets of the payload value within the request, when it is placed into the insertion point.
 

Field Detail

INS_PARAM_URL

static final byte INS_PARAM_URL
Used to indicate where the payload is inserted into the value of a URL parameter.

See Also:
Constant Field Values

INS_PARAM_BODY

static final byte INS_PARAM_BODY
Used to indicate where the payload is inserted into the value of a body parameter.

See Also:
Constant Field Values

INS_PARAM_COOKIE

static final byte INS_PARAM_COOKIE
Used to indicate where the payload is inserted into the value of an HTTP cookie.

See Also:
Constant Field Values

INS_PARAM_XML

static final byte INS_PARAM_XML
Used to indicate where the payload is inserted into the value of an item of data within an XML data structure.

See Also:
Constant Field Values

INS_PARAM_XML_ATTR

static final byte INS_PARAM_XML_ATTR
Used to indicate where the payload is inserted into the value of a tag attribute within an XML structure.

See Also:
Constant Field Values

INS_PARAM_MULTIPART_ATTR

static final byte INS_PARAM_MULTIPART_ATTR
Used to indicate where the payload is inserted into the value of a parameter attribute within a multi-part message body (such as the name of an uploaded file).

See Also:
Constant Field Values

INS_PARAM_JSON

static final byte INS_PARAM_JSON
Used to indicate where the payload is inserted into the value of an item of data within a JSON structure.

See Also:
Constant Field Values

INS_PARAM_AMF

static final byte INS_PARAM_AMF
Used to indicate where the payload is inserted into the value of an AMF parameter.

See Also:
Constant Field Values

INS_HEADER

static final byte INS_HEADER
Used to indicate where the payload is inserted into the value of an HTTP request header.

See Also:
Constant Field Values

INS_URL_PATH_FOLDER

static final byte INS_URL_PATH_FOLDER
Used to indicate where the payload is inserted into a URL path folder.

See Also:
Constant Field Values

INS_URL_PATH_REST

@Deprecated
static final byte INS_URL_PATH_REST
Deprecated. 
Used to indicate where the payload is inserted into a URL path folder. This is now deprecated; use INS_URL_PATH_FOLDER instead.

See Also:
Constant Field Values

INS_PARAM_NAME_URL

static final byte INS_PARAM_NAME_URL
Used to indicate where the payload is inserted into the name of an added URL parameter.

See Also:
Constant Field Values

INS_PARAM_NAME_BODY

static final byte INS_PARAM_NAME_BODY
Used to indicate where the payload is inserted into the name of an added body parameter.

See Also:
Constant Field Values

INS_ENTIRE_BODY

static final byte INS_ENTIRE_BODY
Used to indicate where the payload is inserted into the body of the HTTP request.

See Also:
Constant Field Values

INS_URL_PATH_FILENAME

static final byte INS_URL_PATH_FILENAME
Used to indicate where the payload is inserted into the URL path filename.

See Also:
Constant Field Values

INS_USER_PROVIDED

static final byte INS_USER_PROVIDED
Used to indicate where the payload is inserted at a location manually configured by the user.

See Also:
Constant Field Values

INS_EXTENSION_PROVIDED

static final byte INS_EXTENSION_PROVIDED
Used to indicate where the insertion point is provided by an extension-registered IScannerInsertionPointProvider.

See Also:
Constant Field Values

INS_UNKNOWN

static final byte INS_UNKNOWN
Used to indicate where the payload is inserted at an unknown location within the request.

See Also:
Constant Field Values
Method Detail

getInsertionPointName

java.lang.String getInsertionPointName()
This method returns the name of the insertion point.

Returns:
The name of the insertion point (for example, a description of a particular request parameter).

getBaseValue

java.lang.String getBaseValue()
This method returns the base value for this insertion point.

Returns:
the base value that appears in this insertion point in the base request being scanned, or null if there is no value in the base request that corresponds to this insertion point.

buildRequest

byte[] buildRequest(byte[] payload)
This method is used to build a request with the specified payload placed into the insertion point. There is no requirement for extension-provided insertion points to adjust the Content-Length header in requests if the body length has changed, although Burp-provided insertion points will always do this and will return a request with a valid Content-Length header. Note: Scan checks should submit raw non-encoded payloads to insertion points, and the insertion point has responsibility for performing any data encoding that is necessary given the nature and location of the insertion point.

Parameters:
payload - The payload that should be placed into the insertion point.
Returns:
The resulting request.

getPayloadOffsets

int[] getPayloadOffsets(byte[] payload)
This method is used to determine the offsets of the payload value within the request, when it is placed into the insertion point. Scan checks may invoke this method when reporting issues, so as to highlight the relevant part of the request within the UI.

Parameters:
payload - The payload that should be placed into the insertion point.
Returns:
An int[2] array containing the start and end offsets of the payload within the request, or null if this is not applicable (for example, where the insertion point places a payload into a serialized data structure, the raw payload may not literally appear anywhere within the resulting request).

getInsertionPointType

byte getInsertionPointType()
This method returns the type of the insertion point.

Returns:
The type of the insertion point. Available types are defined in this interface.