[BurpSuite] BurpExtender development notes 1: configuration settings retrievable via the API

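I compiled a list of the Burp Suite configuration settings that can be retrieved through the BurpExtender API.
I hope it is a useful reference if you want to drive Burp in various ways from an extension.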

1. Environment

Burp Suite Free Edition v.1.6.32
java version "1.8.0_45"
MacOS X 10.11.3

2. How to retrieve the settings

Enumerate the entries of the map returned by the following method of Interface IBurpExtenderCallbacks:

java.util.Map<java.lang.String,java.lang.String> saveConfig()
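An added example, not the author's code: a minimal extension that enumerates saveConfig() and prints it in the sorted `Key : value` form used in the list in section 3. The extension name and the masking of values whose key contains "password" or "credentials" are assumptions of this example, chosen because the map includes keys such as spider.loginpassword and suite.socksproxypassword.

```java
package burp;

import java.io.PrintWriter;
import java.util.Map;
import java.util.TreeMap;

// Added example: dumps Burp's settings via IBurpExtenderCallbacks.saveConfig().
public class BurpExtender implements IBurpExtender {

    // Key fragments treated as secrets (assumption, based on key names in the list).
    private static final String[] SECRET_HINTS = { "password", "credentials" };

    @Override
    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
        callbacks.setExtensionName("Config dump (example)");
        // Write to the extension's output stream, flushing on every line.
        PrintWriter out = new PrintWriter(callbacks.getStdout(), true);

        // saveConfig() returns every setting as a String -> String map.
        // Copy it into a TreeMap so the dump is sorted by key, ignoring case.
        // (Keys that differ only in case would collapse into one entry.)
        Map<String, String> sorted = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        sorted.putAll(callbacks.saveConfig());

        for (Map.Entry<String, String> e : sorted.entrySet()) {
            out.println(e.getKey() + " : " + display(e.getKey(), e.getValue()));
        }
    }

    // Masks non-empty secret values so the dump can be logged or shared.
    static String display(String key, String value) {
        if (value == null || value.isEmpty()) {
            return "";
        }
        String lower = key.toLowerCase();
        for (String hint : SECRET_HINTS) {
            if (lower.contains(hint)) {
                return "<redacted>";
            }
        }
        return value;
    }
}
```

Compile it against the Burp Extender API interfaces and load the resulting jar from the Extender tab; the dump appears in the extension's Output pane.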

3. List

These are the values immediately after startup with the default settings.
The format is Key : value.

comparer.ComparerUpdateCookieJar : false
decoder.DecoderUpdateCookieJar : false
extender.autoreloadextensions : true
extender.ExtenderUpdateCookieJar : false
extender.JRubyJarLocation :
extender.JythonJarLocation :
extender.LibraryJarsFolder :
extender.ModuleFolder :
intruder.attacktype : 0
intruder.autoplacementappend : false
intruder.dosmode : false
intruder.extractgrep.dogrep : false
intruder.extractgrep.ext0 : **empty**
intruder.extractgrep.maxlen : 100
intruder.fixedthrottleval : 0
intruder.followredirects : 0
intruder.host : 127.0.0.1
intruder.IntruderUpdateCookieJar : false
intruder.makebaselinerequest : true
intruder.matchgrep.casesensitive : false
intruder.matchgrep.dogrep : false
intruder.matchgrep.excludeheaders : true
intruder.matchgrep.item0 : error
intruder.matchgrep.item1 : exception
intruder.matchgrep.item10 : unknown
intruder.matchgrep.item11 : uid=
intruder.matchgrep.item12 : c:\
intruder.matchgrep.item13 : varchar
intruder.matchgrep.item14 : ODBC
intruder.matchgrep.item15 : SQL
intruder.matchgrep.item16 : quotation mark
intruder.matchgrep.item17 : syntax
intruder.matchgrep.item18 : ORA-
intruder.matchgrep.item19 : 111111
intruder.matchgrep.item2 : illegal
intruder.matchgrep.item3 : invalid
intruder.matchgrep.item4 : fail
intruder.matchgrep.item5 : stack
intruder.matchgrep.item6 : access
intruder.matchgrep.item7 : directory
intruder.matchgrep.item8 : file
intruder.matchgrep.item9 : not found
intruder.matchgrep.simplepattern : true
intruder.newtabbehavior : 0
intruder.numattackthreads : 1
intruder.numretries : 3
intruder.pausebeforeretry : 2000
intruder.payloadgrep.casesensitive : false
intruder.payloadgrep.dogrep : false
intruder.payloadgrep.excludeheaders : false
intruder.payloadgrep.matchpreencoded : true
intruder.payloadpositions64 : UE9TVCAvZXhhbXBsZT9wMT2ncDF2YWynJnAyPadwMnZhbKcgSFRUUC8xLjANCkNvb2tpZTogYz2nY3ZhbKcNCkNvbnRlbnQtTGVuZ3RoOiAxNw0KDQpwMz2ncDN2YWynJnA0PadwNHZhbKc=
intruder.payloadprocessor.dourlencode : true
intruder.payloadprocessor.rule0 : **empty**
intruder.payloadprocessor.urlencodechars : ./\=<>?+&*;:
intruder.payloadsdir :
intruder.port : 80
intruder.processcookiesinredirects : false
intruder.setconnectionclose : true
intruder.ssl : false
intruder.startdelay : 10
intruder.startwhen : 0
intruder.storepayloads : false
intruder.storerequests : true
intruder.storeresponses : true
intruder.throttlefixed : true
intruder.updateCLheader : true
intruder.varthrottlestart : 0
intruder.varthrottlestep : 30000
proxy.addconnectionclose : false
proxy.addconnectionclosetoincomingrequests : true
proxy.allowfqhostnamesinwebinterface : false
proxy.autoaddsslpassthroughonfailure : false
proxy.converthttpslinks : false
proxy.disableburpinterface : false
proxy.disablehistorylogging : false
proxy.enabledisabledfields : false
proxy.fixrequestcrlf : false
proxy.hideextensions : false
proxy.hideextensionsitems : js,gif,jpg,png,css
proxy.hideunresponded : false
proxy.highightunhiddenfields : false
proxy.http10 : false
proxy.http10responses : false
proxy.interceptenablestateatstartup : 1
proxy.interceptresponses : false
proxy.interceptresquests : true
proxy.listener :
proxy.listener0 : 1.8080.1.0..0.0.1.0..0..0..0.
proxy.MasterIntercept : 1
proxy.matchreplacerule0 : 2.0.0.14.^User-Agent.*$.62.User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0).10.Emulate IE.0.
proxy.matchreplacerule1 : 2.0.0.14.^User-Agent.*$.146.User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 5_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B176 Safari/7534.48.3.11.Emulate iOS.0.
proxy.matchreplacerule10 : 2.0.2.31.^Strict-Transport-Security.*$.0..19.Remove HSTS headers.0.
proxy.matchreplacerule11 : 2.0.2.0..19.X-XSS-Protection: 0.30.Disable browser XSS protection.0.
proxy.matchreplacerule2 : 2.0.0.14.^User-Agent.*$.144.User-Agent: Mozilla/5.0 (Linux; U; Android 2.2; en-us; Droid Build/FRG22D) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1.15.Emulate Android.0.
proxy.matchreplacerule3 : 2.0.0.21.^If-Modified-Since.*$.0..27.Require non-cached response.0.
proxy.matchreplacerule4 : 2.0.0.17.^If-None-Match.*$.0..27.Require non-cached response.0.
proxy.matchreplacerule5 : 2.0.0.11.^Referer.*$.0..19.Hide Referer header.0.
proxy.matchreplacerule6 : 2.0.0.19.^Accept-Encoding.*$.0..32.Require non-compressed responses.0.
proxy.matchreplacerule7 : 2.0.2.14.^Set-Cookie.*$.0..14.Ignore cookies.0.
proxy.matchreplacerule8 : 2.0.0.23.^Host: foo.example.org$.21.Host: bar.example.org.19.Rewrite Host header.0.
proxy.matchreplacerule9 : 2.0.0.0..23.Origin: foo.example.org.23.Add spoofed CORS origin.0.
proxy.ProxyUpdateCookieJar : true
proxy.removealljavascript : false
proxy.removejsformvalidation : false
proxy.removelengthlimits : false
proxy.removeobjecttags : false
proxy.removesecurecookieflag : false
proxy.requestrule0 : 1.0.5.1.(^gif$|^jpg$|^png$|^css$|^js$|^ico$)
proxy.requestrule1 : 0.1.6.0.
proxy.requestrule2 : 0.1.3.1.(get|post)
proxy.requestrule3 : 0.0.4.2.
proxy.responserule0 : 1.1.13.0.text
proxy.responserule1 : 0.1.6.4.
proxy.responserule2 : 0.1.6.2.
proxy.responserule3 : 0.0.12.1.^304$
proxy.responserule4 : 0.0.4.2.
proxy.searchcasesensitive : false
proxy.searchnegative : false
proxy.searchregex : false
proxy.searchterm :
proxy.showextensions : false
proxy.showextensionsitems : asp,aspx,jsp,php
proxy.showmimecss : false
proxy.showmimeflash : true
proxy.showmimehtml : true
proxy.showmimeimages : false
proxy.showmimeotherbinary : false
proxy.showmimeothertext : true
proxy.showmimescript : true
proxy.showmimexml : true
proxy.showonlycommented : false
proxy.showonlyhighlighted : false
proxy.showonlyinscope : false
proxy.showonlyparameterized : false
proxy.showstatus2xx : true
proxy.showstatus3xx : true
proxy.showstatus4xx : true
proxy.showstatus5xx : true
proxy.sslpassthroughtargetscopeinclude0 : **empty**
proxy.stripproxyheaders : true
proxy.supresssburperrors : false
proxy.unhidehiddenfields : false
proxy.unpackgzipdeflate : true
proxy.unpackgzipdeflaterequests : false
proxy.updaterequestcontentlength : true
proxy.updateresponsecontentlength : true
proxy.wshideincoming : false
proxy.wshideoutgoing : false
proxy.wsinterceptincoming : true
proxy.wsinterceptoutgoing : true
proxy.wslistener :
proxy.wssearchcasesensitive : false
proxy.wssearchnegative : false
proxy.wssearchregex : false
proxy.wssearchterm :
proxy.wsshowonlycommented : false
proxy.wsshowonlyhighlighted : false
proxy.wsshowonlyinscope : false
repeater.followredirects : 0
repeater.processcookiesinredirects : false
repeater.RepeaterUpdateCookieJar : false
repeater.unpackgzipdeflate : true
repeater.updateCL : true
repeater.view : 1
scanner.ScannerUpdateCookieJar : false
sequencer.doBase64Decode : false
sequencer.doBitCompress : true
sequencer.doBitCorrelation : true
sequencer.doCSCount : true
sequencer.doCSTransitions : true
sequencer.doFIPS1 : true
sequencer.doFIPS2 : true
sequencer.doFIPS3 : true
sequencer.doFIPS4 : true
sequencer.doSpectral : true
sequencer.ignoreAbnormalLengths : true
sequencer.maxDeviation : 5
sequencer.numThreads : 5
sequencer.padAtEnd : false
sequencer.padChar : 48
sequencer.SequencerUpdateCookieJar : false
sequencer.throttle : 0
spider.apploginmode : 2
spider.checkrobotstxt : true
spider.customheader0 : Accept: */*
spider.customheader1 : Accept-Language: en
spider.customheader2 : User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
spider.customheader3 : Connection: close
spider.defaultautofillvalue : 555-555-0199@example.com
spider.detectnotfound : true
spider.dothrottle : false
spider.formsidentitycriteria : 2
spider.formsubmissionmode : 0
spider.iteratesubmitfields : true
spider.loginpassword :
spider.loginusername :
spider.maxformsubmissions : 10
spider.maxlinkdepth : 5
spider.maxparamrequestsperurl : 50
spider.numretries : 3
spider.numthreads : 10
spider.paramautofillrule0 : 1.1.4.mail.18.winter@example.com
spider.paramautofillrule1 : 1.1.5.first.5.Peter
spider.paramautofillrule10 : 1.1.4.post.8.SW1A 1AA
spider.paramautofillrule11 : 1.1.4.area.3.555
spider.paramautofillrule12 : 1.1.5.phone.12.555-555-0199
spider.paramautofillrule13 : 1.1.3.tel.12.555-555-0199
spider.paramautofillrule14 : 1.1.3.ssn.11.123 45 6789
spider.paramautofillrule15 : 1.1.6.social.11.123 45 6789
spider.paramautofillrule16 : 1.1.3.age.2.30
spider.paramautofillrule17 : 1.1.3.day.2.01
spider.paramautofillrule18 : 1.1.5.month.2.01
spider.paramautofillrule19 : 1.1.4.year.4.1980
spider.paramautofillrule2 : 1.1.4.last.6.Winter
spider.paramautofillrule20 : 1.1.8.passport.10.0123456789
spider.paramautofillrule3 : 1.1.7.surname.6.Winter
spider.paramautofillrule4 : 1.1.4.name.12.Peter Winter
spider.paramautofillrule5 : 1.1.4.comp.17.Winter Consulting
spider.paramautofillrule6 : 1.1.4.addr.13.1 Main Street
spider.paramautofillrule7 : 1.1.4.city.11.Winterville
spider.paramautofillrule8 : 1.1.5.state.2.WI
spider.paramautofillrule9 : 1.1.3.zip.5.36310
spider.pausebeforeretry : 2000
spider.processproxyrequests : true
spider.proxylinkdepth : 0
spider.requestdynpageswithoutparams : true
spider.requestfolderroots : true
spider.requesttexttypesonly : true
spider.scopeexclude0 : 1.0.0.0.logout
spider.scopeexclude1 : 1.0.0.0.logoff
spider.scopeexclude2 : 1.0.0.0.exit
spider.scopeexclude3 : 1.0.0.0.signout
spider.scopeinclude0 : **empty**
spider.scopetype : 2
spider.setunmatchedfields : true
spider.SpiderUpdateCookieJar : true
spider.throttleinterval : 0
spider.throttlerandom : false
spider.usehttp11 : true
spider.usereferer : true
suite.allowHttpRequestsInHtmlRendering : true
suite.allowUnsafeRenegotiation : false
suite.analyseAndDisplayAmf : false
suite.autoSaveFolder :
suite.autoSaveInterval : 30
suite.autoselectsslparams : true
suite.charsetMode : _CharsetAutoRecognise
suite.collaboratorPollingLocation :
suite.collaboratorServerLocation :
suite.collaboratorServerType : 0
suite.colouriseRequests : true
suite.colouriseResponses : true
suite.disablesniextension : false
suite.dnstimeoutmilli : 300000
suite.doAutoSave : false
suite.dodnsoversocks : false
suite.dowwwauth : true
suite.dropoutofscope : false
suite.enableblockedsslalgorithms : true
suite.extension0 : PGVjPjx0PgAAAAABPC90PjxmPgMAAAAeL1VzZXJzL3RvZ2F3YS9EZXNrdG9wL29zd20uamFyPC9mPjxuPgMAAAAWT2dhU2VuZFRvV2luTWFyZ2UgdjAuOTwvbj48b28+AAAAAAI8L29vPjxlbz4AAAAAAjwvZW8+PGw+AgE8L2w+PGI+AgA8L2I+PC9lYz4=
suite.faileddnstimeoutmilli : 60000
suite.feedbackReportingEnabled : true
suite.hostresolverrule0 : **empty**
suite.hotkey0 : 131328.390.82.
suite.hotkey1 : 131584.390.73.
suite.hotkey10 : 266240.390.45.
suite.hotkey11 : 266496.390.61.
suite.hotkey12 : 393472.390.88.
suite.hotkey13 : 393728.390.67.
suite.hotkey14 : 393984.390.86.
suite.hotkey15 : 394240.390.90.
suite.hotkey16 : 394496.390.89.
suite.hotkey17 : 394752.390.65.
suite.hotkey18 : 395008.390.83.
suite.hotkey19 : 395040.390.44.
suite.hotkey2 : 262400.390.70.
suite.hotkey20 : 395072.390.46.
suite.hotkey21 : 395520.455.85.
suite.hotkey22 : 395776.390.85.
suite.hotkey23 : 396544.455.72.
suite.hotkey24 : 396800.390.72.
suite.hotkey25 : 397824.455.66.
suite.hotkey26 : 398080.390.66.
suite.hotkey27 : 399360.390.8.
suite.hotkey28 : 399616.390.127.
suite.hotkey29 : 399872.390.68.
suite.hotkey3 : 262912.390.84.
suite.hotkey30 : 400128.390.37.
suite.hotkey31 : 400384.455.37.
suite.hotkey32 : 400640.390.39.
suite.hotkey33 : 400896.455.39.
suite.hotkey34 : 401152.390.38.
suite.hotkey35 : 401408.455.38.
suite.hotkey36 : 401664.390.40.
suite.hotkey37 : 401920.455.40.
suite.hotkey38 : 402176.390.36.
suite.hotkey39 : 402432.455.36.
suite.hotkey4 : 263424.455.84.
suite.hotkey40 : 402688.390.35.
suite.hotkey41 : 402944.455.35.
suite.hotkey5 : 263680.455.80.
suite.hotkey6 : 264448.455.73.
suite.hotkey7 : 264704.455.82.
suite.hotkey8 : 265728.455.79.
suite.hotkey9 : 265984.455.65.
suite.inScopeOnly : false
suite.macro0 : **empty**
suite.messageFont : Courier
suite.messageFontSize : 12
suite.messageFontSmoothing : false
suite.normaltimeoutmilli : 120000
suite.promptforcredentials : false
suite.readtilclosetimeoutmilli : 10000
suite.redirDo3xxLocation : true
suite.redirDoJavascriptDriven : false
suite.redirDoMetaRefresh : true
suite.redirDoXxxLocation : false
suite.redirRefreshHeader : true
suite.remove100continueheaders : false
suite.saveOnExit : true
suite.scheduledtask0 : **empty**
suite.sessionrule0 : 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
suite.socksproxyhost :
suite.socksproxypassword :
suite.socksproxyport : 0
suite.socksproxyusername :
suite.sslcipher0 : TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
suite.sslcipher1 : TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
suite.sslcipher10 : TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
suite.sslcipher11 : TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
suite.sslcipher12 : TLS_DHE_RSA_WITH_AES_128_CBC_SHA
suite.sslcipher13 : TLS_DHE_DSS_WITH_AES_128_CBC_SHA
suite.sslcipher14 : TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
suite.sslcipher15 : TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
suite.sslcipher16 : TLS_RSA_WITH_AES_128_GCM_SHA256
suite.sslcipher17 : TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
suite.sslcipher18 : TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
suite.sslcipher19 : TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
suite.sslcipher2 : TLS_RSA_WITH_AES_128_CBC_SHA256
suite.sslcipher20 : TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
suite.sslcipher21 : TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
suite.sslcipher22 : TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
suite.sslcipher23 : SSL_RSA_WITH_3DES_EDE_CBC_SHA
suite.sslcipher24 : TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
suite.sslcipher25 : TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
suite.sslcipher26 : SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
suite.sslcipher27 : SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
suite.sslcipher28 : TLS_EMPTY_RENEGOTIATION_INFO_SCSV
suite.sslcipher3 : TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
suite.sslcipher4 : TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
suite.sslcipher5 : TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
suite.sslcipher6 : TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
suite.sslcipher7 : TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
suite.sslcipher8 : TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
suite.sslcipher9 : TLS_RSA_WITH_AES_128_CBC_SHA
suite.sslclientcertrule0 : **empty**
suite.sslprotocol0 : SSLv3
suite.sslprotocol1 : TLSv1
suite.sslprotocol2 : TLSv1.1
suite.sslprotocol3 : TLSv1.2
suite.storestreamingresponses : true
suite.stripCEfromstreamingresponses : true
suite.tempDir :
suite.uifontsize : 12
suite.uilookandfeel : Nimbus
suite.understand100continue : true
suite.upstreamproxyrule0 : **empty**
suite.useHttpForCollaboratorPolling : false
suite.usesocksproxy : false
suite.wwwcredentials0 : **empty**
target.dashboardstyle : SIDE_BY_SIDE
target.droprequestsscopeexclude0 : 1.0.0.0.logout
target.droprequestsscopeexclude1 : 1.0.0.0.logoff
target.droprequestsscopeexclude2 : 1.0.0.0.exit
target.droprequestsscopeexclude3 : 1.0.0.0.signout
target.droprequestsscopeinclude0 : **empty**
target.droprequestsscopetype : 2
target.hideemptyfolders : true
target.hideextensions : false
target.hideextensionsitems : js,gif,jpg,png,css
target.hidenotfound : true
target.scopeexclude0 : 1.0.0.0.logout
target.scopeexclude1 : 1.0.0.0.logoff
target.scopeexclude2 : 1.0.0.0.exit
target.scopeexclude3 : 1.0.0.0.signout
target.scopeinclude0 : **empty**
target.searchcasesensitive : false
target.searchnegative : false
target.searchregex : false
target.searchterm :
target.showextensions : false
target.showextensionsitems : asp,aspx,jsp,php
target.showmimecss : false
target.showmimeflash : true
target.showmimehtml : true
target.showmimeimages : false
target.showmimeotherbinary : false
target.showmimeothertext : true
target.showmimescript : true
target.showmimexml : true
target.showonlycommented : false
target.showonlyhighlighted : false
target.showonlyinscope : false
target.showonlyparameterized : false
target.showonlyrequested : false
target.showstatus2xx : true
target.showstatus3xx : true
target.showstatus4xx : false
target.showstatus5xx : true
target.streamingresponsesscopeinclude0 : **empty**
target.TargetUpdateCookieJar : false

That's all. It's a lot...

OgaworldEX
A humble app developer & security engineer.
http://www.ogaworldexplosion.com/