Protocol is now passed to xss-detectors

NetSPI · Sep 15, 2014 · 825290d · 825290d
1 parent d47a8e2
commit 825290d
Showing 1 changed file with 3 additions and 4 deletions.
diff --git a/burp-extender/src/burp/BurpExtender.java b/burp-extender/src/burp/BurpExtender.java
@@ -213,7 +213,7 @@ public Component getUiComponent() {
     * Parse URL and cookie values from intruderRequest
     * return for use in xss-detectors
     */
-    public String[] fetchRequestVals(byte[] intruderRequest) {
+    public String[] fetchRequestVals(byte[] intruderRequest, String proto) {
         String request = this.helpers.bytesToString(intruderRequest);
 
         String urlPattern = "(GET|POST) (.*) H";
@@ -242,8 +242,7 @@ public String[] fetchRequestVals(byte[] intruderRequest) {
         while(cookieMatcher.find()) {
             cookies = cookieMatcher.group(1);
         }
-
-        intruderUrl = intruderHost + intruderUrl;
+        intruderUrl = proto + "://" + intruderHost + intruderUrl;
 
         String[] requestVals = new String[2];
         requestVals[0] = intruderUrl;
@@ -258,7 +257,7 @@ public void processHttpMessage(int toolFlag, boolean messageIsRequest,
             if ((toolFlag == 32) && (!messageIsRequest)) {
 
                 // Grab request information from messageInfo.getRequest()
-                String[] requestInfo = fetchRequestVals(messageInfo.getRequest());
+                String[] requestInfo = fetchRequestVals(messageInfo.getRequest(), messageInfo.getHttpService().getProtocol());
                 String intruderURL = requestInfo[0];
                 String cookies = requestInfo[1];