Interface AuditInsertionPoint

public interface AuditInsertionPoint
This interface is used to define an insertion point for use by active Scan checks. Extensions can obtain instances of this interface by registering an ScanCheck, or can create instances for use by Burp's own scan checks by registering an AuditInsertionPointProvider.
  • Method Details

    • name

      String name()
      Name of this insertion point.
      The name of this insertion point (for example, a description of a particular request parameter).
    • baseValue

      String baseValue()
      Base value for this insertion point.
      the base value that appears in this insertion point in the base request being audited, or null if there is no value in the base request that corresponds to this insertion point.
    • buildHttpRequestWithPayload

      HttpRequest buildHttpRequestWithPayload(ByteArray payload)
      Build a request with the specified payload placed into the insertion point. There is no requirement for extension-provided insertion points to adjust the Content-Length header in requests if the body length has changed, although Burp-provided insertion points will always do this and will return a request with a valid Content-Length header. Note: Scan checks should submit raw non-encoded payloads to insertion points, and the insertion point has responsibility for performing any data encoding that is necessary given the nature and location of the insertion point.
      payload - The payload that should be placed into the insertion point.
      The resulting request.
    • issueHighlights

      List<Range> issueHighlights(ByteArray payload)
      Determine the offsets of the payload value within the request, when it is placed into the insertion point. Scan checks may invoke this method when reporting issues, so as to highlight the relevant part of the request within the UI.
      payload - The payload that should be placed into the insertion point.
      A list of Range objects containing the start and end offsets of the payload within the request, or an empty list if this is not applicable (for example, where the insertion point places a payload into a serialized data structure, the raw payload may not literally appear anywhere within the resulting request).
    • type

      default AuditInsertionPointType type()
      Type of this insertion point.
      The AuditInsertionPointType for this insertion point.
    • auditInsertionPoint

      static AuditInsertionPoint auditInsertionPoint(String name, HttpRequest baseRequest, int startIndexInclusive, int endIndexExclusive)
      This method can be used to create an audit insertion point based on offsets.
      name - The name of the audit insertion point.
      baseRequest - The base HttpRequest.
      startIndexInclusive - The start index inclusive.
      endIndexExclusive - The end index exclusive.
      The AuditInsertionPoint based on offsets.