Added highlighting for the scanner issues to now highlight the accept…

…ed payload
NetSPI · Dec 23, 2014 · a2d9b45 · a2d9b45
1 parent 375551d
commit a2d9b45
Showing 1 changed file with 20 additions and 5 deletions.
diff --git a/burp-extender/src/burp/BurpExtender.java b/burp-extender/src/burp/BurpExtender.java
@@ -185,8 +185,6 @@ public boolean sendToDetector(String detectorUrl, IHttpRequestResponse messageIn
                 String responseAsString = EntityUtils.toString(response
                         .getEntity());
 
-                this.stdout.println("Response: " + responseAsString);
-
                 if (responseAsString.toLowerCase().contains(
                         BurpExtender.triggerPhrase.toLowerCase())) {
                     String newResponse = this.helpers
@@ -204,6 +202,25 @@ public boolean sendToDetector(String detectorUrl, IHttpRequestResponse messageIn
         return vulnerable;
     }
 
+    // helper method to search a response for occurrences of a literal match string
+    // and return a list of start/end offsets
+    private List<int[]> getMatches(byte[] response, byte[] match)
+    {
+        List<int[]> matches = new ArrayList<int[]>();
+
+        int start = 0;
+        while (start < response.length)
+        {
+            start = helpers.indexOf(response, match, true, start, response.length);
+            if (start == -1)
+                break;
+            matches.add(new int[] { start, start + match.length });
+            start += match.length;
+        }
+
+        return matches;
+    }
+
     @Override
     public List<IScanIssue> doActiveScan(IHttpRequestResponse baseRequestResponse, IScannerInsertionPoint insertionPoint) {
         IntruderPayloadGenerator payloadGenerator = new IntruderPayloadGenerator(this);
@@ -224,9 +241,7 @@ public List<IScanIssue> doActiveScan(IHttpRequestResponse baseRequestResponse, I
                 vulnerable = sendToDetector(this.slimerURL.getText(), messageInfo);
 
             // Update this to actually detect matches
-            List<int[]> matches = new ArrayList<int[]>();
-            byte[] response = baseRequestResponse.getResponse();
-            matches.add(new int[] { 0, 1 });
+            List<int[]> matches = getMatches(messageInfo.getResponse(), triggerPhrase.getBytes());
 
             if(vulnerable) {
                 String payloadStr = new String(payload);