Add files via upload

burptime/README.md

@@ -0,0 +1,9 @@
+# burptime 
+
+Show time cost in burp proxy history, it's useful when testing time-based sql injection.
+
+![](https://user-images.githubusercontent.com/4939404/55725778-eea97300-5a40-11e9-956d-edbc04aca094.png)
+
+Similar plugin: [Request Timer](https://portswigger.net/bappstore/56675bcf2a804d3096465b2868ec1d65S)
+
+It's more powerful, but when there is a lot of request/response data, it has some performance issues.

burptime/src/BurpExtender.java

@@ -0,0 +1,31 @@
+package burp;
+
+import java.io.PrintWriter;
+import java.util.concurrent.ConcurrentHashMap;
+
+public class BurpExtender implements IBurpExtender, IProxyListener {
+    private PrintWriter stdout;
+    private ConcurrentHashMap<Integer, Long> timeMap = new ConcurrentHashMap<>();
+    private IBurpExtenderCallbacks callbacks;
+
+    @Override
+    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
+        this.callbacks = callbacks;
+        callbacks.setExtensionName("Burp Show Response Time");
+        stdout = new PrintWriter(callbacks.getStdout(), true);
+        callbacks.registerProxyListener(this);
+    }
+
+    @Override
+    public void processProxyMessage(boolean messageIsRequest, IInterceptedProxyMessage message) {
+        int messageRef = message.getMessageReference();
+        long now = System.currentTimeMillis();
+        if (messageIsRequest) {
+            this.timeMap.put(messageRef, now);
+        } else {
+            long delta = now - this.timeMap.get(messageRef);
+            this.timeMap.remove(messageRef);
+            message.getMessageInfo().setComment(Long.toString(delta) + " ms");
+        }
+    }
+}

burptime/src/burp/IBurpCollaboratorClientContext.java

@@ -0,0 +1,97 @@
+package burp;
+
+/*
+ * @(#)IBurpCollaboratorClientContext.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Community Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+import java.util.List;
+
+/**
+ * This interface represents an instance of a Burp Collaborator client context,
+ * which can be used to generate Burp Collaborator payloads and poll the
+ * Collaborator server for any network interactions that result from using those
+ * payloads. Extensions can obtain new instances of this class by calling
+ * <code>IBurpExtenderCallbacks.createBurpCollaboratorClientContext()</code>.
+ * Note that each Burp Collaborator client context is tied to the Collaborator
+ * server configuration that was in place at the time the context was created.
+ */
+public interface IBurpCollaboratorClientContext
+{
+
+    /**
+     * This method is used to generate new Burp Collaborator payloads.
+     *
+     * @param includeCollaboratorServerLocation Specifies whether to include the
+     * Collaborator server location in the generated payload.
+     * @return The payload that was generated.
+     *
+     * @throws IllegalStateException if Burp Collaborator is disabled
+     */
+    String generatePayload(boolean includeCollaboratorServerLocation);
+
+    /**
+     * This method is used to retrieve all interactions received by the
+     * Collaborator server resulting from payloads that were generated for this
+     * context.
+     *
+     * @return The Collaborator interactions that have occurred resulting from
+     * payloads that were generated for this context.
+     *
+     * @throws IllegalStateException if Burp Collaborator is disabled
+     */
+    List<IBurpCollaboratorInteraction> fetchAllCollaboratorInteractions();
+
+    /**
+     * This method is used to retrieve interactions received by the Collaborator
+     * server resulting from a single payload that was generated for this
+     * context.
+     *
+     * @param payload The payload for which interactions will be retrieved.
+     * @return The Collaborator interactions that have occurred resulting from
+     * the given payload.
+     *
+     * @throws IllegalStateException if Burp Collaborator is disabled
+     */
+    List<IBurpCollaboratorInteraction> fetchCollaboratorInteractionsFor(String payload);
+
+    /**
+     * This method is used to retrieve all interactions made by Burp Infiltrator
+     * instrumentation resulting from payloads that were generated for this
+     * context.
+     *
+     * @return The interactions triggered by the Burp Infiltrator
+     * instrumentation that have occurred resulting from payloads that were
+     * generated for this context.
+     *
+     * @throws IllegalStateException if Burp Collaborator is disabled
+     */
+    List<IBurpCollaboratorInteraction> fetchAllInfiltratorInteractions();
+
+    /**
+     * This method is used to retrieve interactions made by Burp Infiltrator
+     * instrumentation resulting from a single payload that was generated for
+     * this context.
+     *
+     * @param payload The payload for which interactions will be retrieved.
+     * @return The interactions triggered by the Burp Infiltrator
+     * instrumentation that have occurred resulting from the given payload.
+     *
+     * @throws IllegalStateException if Burp Collaborator is disabled
+     */
+    List<IBurpCollaboratorInteraction> fetchInfiltratorInteractionsFor(String payload);
+
+    /**
+     * This method is used to retrieve the network location of the Collaborator
+     * server.
+     *
+     * @return The hostname or IP address of the Collaborator server.
+     *
+     * @throws IllegalStateException if Burp Collaborator is disabled
+     */
+    String getCollaboratorServerLocation();
+}

burptime/src/burp/IBurpCollaboratorInteraction.java

@@ -0,0 +1,41 @@
+package burp;
+
+/*
+ * @(#)IBurpCollaboratorInteraction.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Community Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+import java.util.Map;
+
+/**
+ * This interface represents a network interaction that occurred with the Burp
+ * Collaborator server.
+ */
+public interface IBurpCollaboratorInteraction
+{
+
+    /**
+     * This method is used to retrieve a property of the interaction. Properties
+     * of all interactions are: interaction_id, type, client_ip, and time_stamp.
+     * Properties of DNS interactions are: query_type and raw_query. The
+     * raw_query value is Base64-encoded. Properties of HTTP interactions are:
+     * protocol, request, and response. The request and response values are
+     * Base64-encoded.
+     *
+     * @param name The name of the property to retrieve.
+     * @return A string representing the property value, or null if not present.
+     */
+    String getProperty(String name);
+
+    /**
+     * This method is used to retrieve a map containing all properties of the
+     * interaction.
+     *
+     * @return A map containing all properties of the interaction.
+     */
+    Map<String, String> getProperties();
+}

burptime/src/burp/IBurpExtender.java

@@ -0,0 +1,31 @@
+package burp;
+
+/*
+ * @(#)IBurpExtender.java
+ *
+ * Copyright PortSwigger Ltd. All rights reserved.
+ *
+ * This code may be used to extend the functionality of Burp Suite Community Edition
+ * and Burp Suite Professional, provided that this usage does not violate the
+ * license terms for those products.
+ */
+/**
+ * All extensions must implement this interface.
+ *
+ * Implementations must be called BurpExtender, in the package burp, must be
+ * declared public, and must provide a default (public, no-argument)
+ * constructor.
+ */
+public interface IBurpExtender
+{
+    /**
+     * This method is invoked when the extension is loaded. It registers an
+     * instance of the
+     * <code>IBurpExtenderCallbacks</code> interface, providing methods that may
+     * be invoked by the extension to perform various actions.
+     *
+     * @param callbacks An
+     * <code>IBurpExtenderCallbacks</code> object.
+     */
+    void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks);
+}