I am trying to write a simple burp extension to capture a HTTP packet, modify it and forward it to the server. I need to do this for some security testing. I started with a code to just print the received packet. Attaching the code below, which i got from various Burp tutorials. I configured Eclipse my proxy to localhost and then ran this code. The code runs fine, Burp opens up correctly and also intercepts the packet but I cant see anything on my IDE console. Please help me out, as I am pretty new to Burp and couldn't understand much from the help available online.
package burp;
public class BurpExtender2 implements IBurpExtender, IHttpListener, IProxyListener
{
private IBurpExtenderCallbacks callbacks;
public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks)
{
helpers = callbacks.getHelpers();
callbacks.registerHttpListener(this);
}
public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo)
{
System.out.println(
(messageIsRequest ? "HTTP request to " : "HTTP response from ") +
messageInfo.getHttpService() +
" [" + callbacks.getToolName(toolFlag) + "]");
}
public void processProxyMessage(boolean messageIsRequest, IInterceptedProxyMessage message)
{
System.out.println(message);
}
}
I just want to know how i can get the intercepted packet in my Code and then forward it.
I wonder why you're trying to write a Burp extension to capture packets. Wouldn't you use a sniffer for that?
Anyway, thanks to your code, I was able to get myself started writing extensions. Here's what I found with your method processHttpMessage
" [" + callbacks.getToolName(toolFlag) + "]"
Something is buggy here, possibly in the Burp Suite (1.5.16); I couldn't manage to get getToolName to print anything even with a hardcoded int, and it's not possible to put a debugger on Burp, so I gave up.
System.out.println( (messageIsRequest ? "HTTP request to " : "HTTP response from ") + messageInfo.getHttpService());
System.out.println(" [callbacks.getToolName(toolFlag)] = "); System.out.println(callbacks.getToolName(toolFlag));
Anyway, this will print to the console, but you won't see any value for toolFlag.