Interface AuditInsertionPoint
public interface AuditInsertionPoint
This interface is used to define an insertion point for use by active Scan
checks. Extensions can obtain instances of this interface by registering an
ScanCheck, or can create instances for use by Burp's own scan checks
by registering an AuditInsertionPointProvider.-
Method Summary
Modifier and TypeMethodDescriptionstatic AuditInsertionPointauditInsertionPoint(String name, HttpRequest baseRequest, int startIndexInclusive, int endIndexExclusive) This method can be used to create an audit insertion point based on offsets.Base value for this insertion point.buildHttpRequestWithPayload(ByteArray payload) Build a request with the specified payload placed into the insertion point.issueHighlights(ByteArray payload) Determine the offsets of the payload value within the request, when it is placed into the insertion point.name()Name of this insertion point.default AuditInsertionPointTypetype()Type of this insertion point.
-
Method Details
-
name
String name()Name of this insertion point.- Returns:
- The name of this insertion point (for example, a description of a particular request parameter).
-
baseValue
String baseValue()Base value for this insertion point.- Returns:
- the base value that appears in this insertion point in the base
request being audited, or
nullif there is no value in the base request that corresponds to this insertion point.
-
buildHttpRequestWithPayload
Build a request with the specified payload placed into the insertion point. There is no requirement for extension-provided insertion points to adjust the Content-Length header in requests if the body length has changed, although Burp-provided insertion points will always do this and will return a request with a valid Content-Length header. Note: Scan checks should submit raw non-encoded payloads to insertion points, and the insertion point has responsibility for performing any data encoding that is necessary given the nature and location of the insertion point.- Parameters:
payload- The payload that should be placed into the insertion point.- Returns:
- The resulting request.
-
issueHighlights
Determine the offsets of the payload value within the request, when it is placed into the insertion point. Scan checks may invoke this method when reporting issues, so as to highlight the relevant part of the request within the UI.- Parameters:
payload- The payload that should be placed into the insertion point.- Returns:
- A list of
Rangeobjects containing the start and end offsets of the payload within the request, or an empty list if this is not applicable (for example, where the insertion point places a payload into a serialized data structure, the raw payload may not literally appear anywhere within the resulting request).
-
type
Type of this insertion point.- Returns:
- The
AuditInsertionPointTypefor this insertion point.
-
auditInsertionPoint
static AuditInsertionPoint auditInsertionPoint(String name, HttpRequest baseRequest, int startIndexInclusive, int endIndexExclusive) This method can be used to create an audit insertion point based on offsets.- Parameters:
name- The name of the audit insertion point.baseRequest- The baseHttpRequest.startIndexInclusive- The start index inclusive.endIndexExclusive- The end index exclusive.- Returns:
- The
AuditInsertionPointbased on offsets.
-