login

Burp Suite, the leading toolkit for web application security testing

PortSwigger Web Security Blog

Friday, 14 December 2012

Sample Burp Suite extension: traffic redirector

This extension demonstrates how to redirect outgoing HTTP requests from one host to another. This task might arise, for example, if you have mapped out an application which then moves to a different staging URL. By simply redirecting traffic to the new hostname, you can continue to drive your testing from the original site map.

The extension works as follows:
  • It registers itself as an HTTP listener.
  • For outgoing request messages, it retrieves the HTTP service for the request.
  • If the HTTP service host matches the "from" host, it uses a helper method to build a new HTTP service using the "to" host, and other details unchanged.
  • It updates the HTTP request with the new HTTP service.
Note: The sample code uses "host1.example.org" and "host2.example.org" as the "from" and "to" hostnames. You should edit the code to use your own hostnames before using it.

Download the traffic redirector extension. The download includes source code for Java and Python.

6 comments:

Anonymous said...

Could you show me what's wrong here?

I set:
HOST_FROM = "www.google.com"
HOST_TO = "www.bing.com"

But when I go to www.google.com, my browser (using Burp) tells me:

Invalid URL
The requested URL "/", is invalid.

My guess is that messageInfo.setHttpService(self._helpers.buildHttpService(BurpExtender.HOST_TO, httpService.getPort(), httpService.getProtocol()))
isn't working like it's supposed to...

Thanks for providing samples on how to use the extensions, very helpful.

PortSwigger said...

This should work ok. The error message suggests that Burp received a non-proxy-style request, so I wonder if you have some other configuration that is causing the redirected request to come back to the local Proxy listener (e.g. a redirection setting in your listener config, or a modified hosts file)?

smeege said...

Still pretty new to this extensibility, however it seems the following is the case:

HOST_FROM = "www.google.com"
HOST_TO = "www.bing.com"

will return the following error:

Invalid URL
The requested URL "/", is invalid.

Reference #9.6c6d1160.1357236647.321f8a45

BUT if you change your extension to:

HOST_FROM = "www.google.com"
HOST_TO = "bing.com"

This seems to redirect properly. I'm not 100% sure why this is (a problem with the extender?) but replacing the www.bing.com HOST_TO with bing.com fixes it.

PortSwigger said...

@smeege Ok, thanks. On closer inspection, this is all about Bing and nothing to do with Burp. If you use Burp Repeater to send the following request to www.bing.com:

GET / HTTP/1.1
Host: www.google.com

then it returns the error you are seeing. If you change the Host header, and send:

GET / HTTP/1.1
Host: www.bing.com

then you get a normal response. So this is just about how Bing handles requests with the other Host header.

The Burp API you're using only changes the HTTP service to which the request is sent. You can modify the Host header in the request as well, via your code, if you need to change that too.

Anonymous said...

the same function can be enabled with the integrated Hostname Resolution

PortSwigger said...

@Anonymous. Yes, thanks for that information. The point of the sample extension is to demonstrate using the APIs. Obviously, in your own code you could perform more useful logic to decide what messages get redirected, etc.


User Forum

Get help from other users, at the Burp Suite User Forum:

Visit the forum ›

Copyright 2014 PortSwigger Ltd. All rights reserved.