Interface AuditInsertionPoint
public interface AuditInsertionPoint
This interface is used to define an insertion point for use by active scan checks. Extensions can obtain instances of this interface by registering a ScanCheck, or can create instances for use by Burp's own scan checks by registering an AuditInsertionPointProvider.

Method Summary
| Modifier and Type | Method | Description |
|---|---|---|
| static AuditInsertionPoint | auditInsertionPoint(String name, HttpRequest baseRequest, int startIndexInclusive, int endIndexExclusive) | This method can be used to create an audit insertion point based on offsets. |
| String | baseValue() | Base value for this insertion point. |
| HttpRequest | buildHttpRequestWithPayload(ByteArray payload) | Build a request with the specified payload placed into the insertion point. |
| List<Range> | issueHighlights(ByteArray payload) | Determine the offsets of the payload value within the request, when it is placed into the insertion point. |
| String | name() | Name of this insertion point. |
| default AuditInsertionPointType | type() | Type of this insertion point. |

Method Details

name
String name()
Name of this insertion point.
Returns:
The name of this insertion point (for example, a description of a particular request parameter).

baseValue
String baseValue()
Base value for this insertion point.
Returns:
The base value that appears in this insertion point in the base request being audited, or null if there is no value in the base request that corresponds to this insertion point.

buildHttpRequestWithPayload
HttpRequest buildHttpRequestWithPayload(ByteArray payload)
Build a request with the specified payload placed into the insertion point. There is no requirement for extension-provided insertion points to adjust the Content-Length header in requests if the body length has changed, although Burp-provided insertion points will always do this and will return a request with a valid Content-Length header.
Note: Scan checks should submit raw non-encoded payloads to insertion points, and the insertion point has responsibility for performing any data encoding that is necessary given the nature and location of the insertion point.
Parameters:
payload - The payload that should be placed into the insertion point.
Returns:
The resulting request.

issueHighlights
List<Range> issueHighlights(ByteArray payload)
Determine the offsets of the payload value within the request, when it is placed into the insertion point. Scan checks may invoke this method when reporting issues, so as to highlight the relevant part of the request within the UI.
Parameters:
payload - The payload that should be placed into the insertion point.
Returns:
A list of Range objects containing the start and end offsets of the payload within the request, or an empty list if this is not applicable (for example, where the insertion point places a payload into a serialized data structure, the raw payload may not literally appear anywhere within the resulting request).

type
default AuditInsertionPointType type()
Type of this insertion point.
Returns:
The AuditInsertionPointType for this insertion point.

auditInsertionPoint
static AuditInsertionPoint auditInsertionPoint(String name, HttpRequest baseRequest, int startIndexInclusive, int endIndexExclusive)
This method can be used to create an audit insertion point based on offsets.
Parameters:
name - The name of the audit insertion point.
baseRequest - The base HttpRequest.
startIndexInclusive - The start index inclusive.
endIndexExclusive - The end index exclusive.
Returns:
The AuditInsertionPoint based on offsets.
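
The encoding responsibility noted under buildHttpRequestWithPayload and the serialized-data case noted under issueHighlights, as an added example that is not part of the original API documentation. Base64ParamInsertionPoint is a hypothetical extension-provided insertion point, and it assumes the target parameter carries unpadded URL-safe Base64.

```java
import burp.api.montoya.core.ByteArray;
import burp.api.montoya.core.Range;
import burp.api.montoya.http.message.params.HttpParameter;
import burp.api.montoya.http.message.params.ParsedHttpParameter;
import burp.api.montoya.http.message.requests.HttpRequest;
import burp.api.montoya.scanner.audit.insertionpoint.AuditInsertionPoint;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.List;

// Hypothetical class: exposes the decoded content of a Base64-wrapped parameter.
// Assumption: unpadded URL-safe Base64, so the encoded value needs no URL-encoding.
final class Base64ParamInsertionPoint implements AuditInsertionPoint {
    private final HttpRequest baseRequest;
    private final ParsedHttpParameter parameter;
    private final String decodedBaseValue;

    Base64ParamInsertionPoint(HttpRequest baseRequest, ParsedHttpParameter parameter) {
        this.baseRequest = baseRequest;
        this.parameter = parameter;
        String decoded = null; // null: nothing in the base request maps to this point
        try {
            decoded = new String(Base64.getUrlDecoder().decode(parameter.value()), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException notBase64) {
            // Value is not valid Base64; baseValue() stays null.
        }
        this.decodedBaseValue = decoded;
    }

    @Override
    public String name() { return "Base64-decoded value of parameter " + parameter.name(); }

    @Override
    public String baseValue() { return decodedBaseValue; }

    @Override
    public HttpRequest buildHttpRequestWithPayload(ByteArray payload) {
        // Scan checks hand over the raw payload; the encoding happens here.
        String encoded = Base64.getUrlEncoder().withoutPadding().encodeToString(payload.getBytes());
        HttpParameter updated = HttpParameter.parameter(parameter.name(), encoded, parameter.type());
        return baseRequest.withUpdatedParameters(updated);
    }

    @Override
    public List<Range> issueHighlights(ByteArray payload) {
        // The raw payload never appears literally in the request, so no offsets apply.
        return List.of();
    }
}
```

An AuditInsertionPointProvider would return instances of this class for the parameters it recognises, so that Burp's own scan checks can place payloads inside the decoded value.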