Burp Extender API で取得できる Burp Suite の設定情報を一覧化してみました。
Extender(拡張機能)から設定値を扱いたい場合の参考になればと。
1.環境
Burp Suite Free Edition v.1.6.32
java version "1.8.0_45"
MacOS X 10.11.3
2.取得方法
IBurpExtenderCallbacks インターフェースの
java.util.Map<java.lang.String,java.lang.String> saveConfig()
が返す Map の内容(キーと値)を列挙します。
3.一覧
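デフォルト設定で起動した直後の値です。
各行は「Key : value」形式です。値が空のキーは「Key :」のみの表示になっています。
なお suite.extension0 のように、読み込んでいる拡張機能の jar のパスと名前を Base64 で含む環境依存の値もあります。spider.loginpassword、suite.socksproxypassword、suite.wwwcredentials0 など認証情報のキーも同じ Map に含まれるので、値を設定している環境でこの出力をログや記事に載せる場合はマスクしてください。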
comparer.ComparerUpdateCookieJar : false
decoder.DecoderUpdateCookieJar : false
extender.autoreloadextensions : true
extender.ExtenderUpdateCookieJar : false
extender.JRubyJarLocation :
extender.JythonJarLocation :
extender.LibraryJarsFolder :
extender.ModuleFolder :
intruder.attacktype : 0
intruder.autoplacementappend : false
intruder.dosmode : false
intruder.extractgrep.dogrep : false
intruder.extractgrep.ext0 : **empty**
intruder.extractgrep.maxlen : 100
intruder.fixedthrottleval : 0
intruder.followredirects : 0
intruder.host : 127.0.0.1
intruder.IntruderUpdateCookieJar : false
intruder.makebaselinerequest : true
intruder.matchgrep.casesensitive : false
intruder.matchgrep.dogrep : false
intruder.matchgrep.excludeheaders : true
intruder.matchgrep.item0 : error
intruder.matchgrep.item1 : exception
intruder.matchgrep.item10 : unknown
intruder.matchgrep.item11 : uid=
intruder.matchgrep.item12 : c:
intruder.matchgrep.item13 : varchar
intruder.matchgrep.item14 : ODBC
intruder.matchgrep.item15 : SQL
intruder.matchgrep.item16 : quotation mark
intruder.matchgrep.item17 : syntax
intruder.matchgrep.item18 : ORA-
intruder.matchgrep.item19 : 111111
intruder.matchgrep.item2 : illegal
intruder.matchgrep.item3 : invalid
intruder.matchgrep.item4 : fail
intruder.matchgrep.item5 : stack
intruder.matchgrep.item6 : access
intruder.matchgrep.item7 : directory
intruder.matchgrep.item8 : file
intruder.matchgrep.item9 : not found
intruder.matchgrep.simplepattern : true
intruder.newtabbehavior : 0
intruder.numattackthreads : 1
intruder.numretries : 3
intruder.pausebeforeretry : 2000
intruder.payloadgrep.casesensitive : false
intruder.payloadgrep.dogrep : false
intruder.payloadgrep.excludeheaders : false
intruder.payloadgrep.matchpreencoded : true
intruder.payloadpositions64 : UE9TVCAvZXhhbXBsZT9wMT2ncDF2YWynJnAyPadwMnZhbKcgSFRUUC8xLjANCkNvb2tpZTogYz2nY3ZhbKcNCkNvbnRlbnQtTGVuZ3RoOiAxNw0KDQpwMz2ncDN2YWynJnA0PadwNHZhbKc=
intruder.payloadprocessor.dourlencode : true
intruder.payloadprocessor.rule0 : **empty**
intruder.payloadprocessor.urlencodechars : ./\=<>?+&*;:
intruder.payloadsdir :
intruder.port : 80
intruder.processcookiesinredirects : false
intruder.setconnectionclose : true
intruder.ssl : false
intruder.startdelay : 10
intruder.startwhen : 0
intruder.storepayloads : false
intruder.storerequests : true
intruder.storeresponses : true
intruder.throttlefixed : true
intruder.updateCLheader : true
intruder.varthrottlestart : 0
intruder.varthrottlestep : 30000
proxy.addconnectionclose : false
proxy.addconnectionclosetoincomingrequests : true
proxy.allowfqhostnamesinwebinterface : false
proxy.autoaddsslpassthroughonfailure : false
proxy.converthttpslinks : false
proxy.disableburpinterface : false
proxy.disablehistorylogging : false
proxy.enabledisabledfields : false
proxy.fixrequestcrlf : false
proxy.hideextensions : false
proxy.hideextensionsitems : js,gif,jpg,png,css
proxy.hideunresponded : false
proxy.highightunhiddenfields : false
proxy.http10 : false
proxy.http10responses : false
proxy.interceptenablestateatstartup : 1
proxy.interceptresponses : false
proxy.interceptresquests : true
proxy.listener :
proxy.listener0 : 1.8080.1.0..0.0.1.0..0..0..0.
proxy.MasterIntercept : 1
proxy.matchreplacerule0 : 2.0.0.14.^User-Agent.*$.62.User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0).10.Emulate IE.0.
proxy.matchreplacerule1 : 2.0.0.14.^User-Agent.*$.146.User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 5_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B176 Safari/7534.48.3.11.Emulate iOS.0.
proxy.matchreplacerule10 : 2.0.2.31.^Strict-Transport-Security.*$.0..19.Remove HSTS headers.0.
proxy.matchreplacerule11 : 2.0.2.0..19.X-XSS-Protection: 0.30.Disable browser XSS protection.0.
proxy.matchreplacerule2 : 2.0.0.14.^User-Agent.*$.144.User-Agent: Mozilla/5.0 (Linux; U; Android 2.2; en-us; Droid Build/FRG22D) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1.15.Emulate Android.0.
proxy.matchreplacerule3 : 2.0.0.21.^If-Modified-Since.*$.0..27.Require non-cached response.0.
proxy.matchreplacerule4 : 2.0.0.17.^If-None-Match.*$.0..27.Require non-cached response.0.
proxy.matchreplacerule5 : 2.0.0.11.^Referer.*$.0..19.Hide Referer header.0.
proxy.matchreplacerule6 : 2.0.0.19.^Accept-Encoding.*$.0..32.Require non-compressed responses.0.
proxy.matchreplacerule7 : 2.0.2.14.^Set-Cookie.*$.0..14.Ignore cookies.0.
proxy.matchreplacerule8 : 2.0.0.23.^Host: foo.example.org$.21.Host: bar.example.org.19.Rewrite Host header.0.
proxy.matchreplacerule9 : 2.0.0.0..23.Origin: foo.example.org.23.Add spoofed CORS origin.0.
proxy.ProxyUpdateCookieJar : true
proxy.removealljavascript : false
proxy.removejsformvalidation : false
proxy.removelengthlimits : false
proxy.removeobjecttags : false
proxy.removesecurecookieflag : false
proxy.requestrule0 : 1.0.5.1.(^gif$|^jpg$|^png$|^css$|^js$|^ico$)
proxy.requestrule1 : 0.1.6.0.
proxy.requestrule2 : 0.1.3.1.(get|post)
proxy.requestrule3 : 0.0.4.2.
proxy.responserule0 : 1.1.13.0.text
proxy.responserule1 : 0.1.6.4.
proxy.responserule2 : 0.1.6.2.
proxy.responserule3 : 0.0.12.1.^304$
proxy.responserule4 : 0.0.4.2.
proxy.searchcasesensitive : false
proxy.searchnegative : false
proxy.searchregex : false
proxy.searchterm :
proxy.showextensions : false
proxy.showextensionsitems : asp,aspx,jsp,php
proxy.showmimecss : false
proxy.showmimeflash : true
proxy.showmimehtml : true
proxy.showmimeimages : false
proxy.showmimeotherbinary : false
proxy.showmimeothertext : true
proxy.showmimescript : true
proxy.showmimexml : true
proxy.showonlycommented : false
proxy.showonlyhighlighted : false
proxy.showonlyinscope : false
proxy.showonlyparameterized : false
proxy.showstatus2xx : true
proxy.showstatus3xx : true
proxy.showstatus4xx : true
proxy.showstatus5xx : true
proxy.sslpassthroughtargetscopeinclude0 : **empty**
proxy.stripproxyheaders : true
proxy.supresssburperrors : false
proxy.unhidehiddenfields : false
proxy.unpackgzipdeflate : true
proxy.unpackgzipdeflaterequests : false
proxy.updaterequestcontentlength : true
proxy.updateresponsecontentlength : true
proxy.wshideincoming : false
proxy.wshideoutgoing : false
proxy.wsinterceptincoming : true
proxy.wsinterceptoutgoing : true
proxy.wslistener :
proxy.wssearchcasesensitive : false
proxy.wssearchnegative : false
proxy.wssearchregex : false
proxy.wssearchterm :
proxy.wsshowonlycommented : false
proxy.wsshowonlyhighlighted : false
proxy.wsshowonlyinscope : false
repeater.followredirects : 0
repeater.processcookiesinredirects : false
repeater.RepeaterUpdateCookieJar : false
repeater.unpackgzipdeflate : true
repeater.updateCL : true
repeater.view : 1
scanner.ScannerUpdateCookieJar : false
sequencer.doBase64Decode : false
sequencer.doBitCompress : true
sequencer.doBitCorrelation : true
sequencer.doCSCount : true
sequencer.doCSTransitions : true
sequencer.doFIPS1 : true
sequencer.doFIPS2 : true
sequencer.doFIPS3 : true
sequencer.doFIPS4 : true
sequencer.doSpectral : true
sequencer.ignoreAbnormalLengths : true
sequencer.maxDeviation : 5
sequencer.numThreads : 5
sequencer.padAtEnd : false
sequencer.padChar : 48
sequencer.SequencerUpdateCookieJar : false
sequencer.throttle : 0
spider.apploginmode : 2
spider.checkrobotstxt : true
spider.customheader0 : Accept: */*
spider.customheader1 : Accept-Language: en
spider.customheader2 : User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
spider.customheader3 : Connection: close
spider.defaultautofillvalue : 555-555-0199@example.com
spider.detectnotfound : true
spider.dothrottle : false
spider.formsidentitycriteria : 2
spider.formsubmissionmode : 0
spider.iteratesubmitfields : true
spider.loginpassword :
spider.loginusername :
spider.maxformsubmissions : 10
spider.maxlinkdepth : 5
spider.maxparamrequestsperurl : 50
spider.numretries : 3
spider.numthreads : 10
spider.paramautofillrule0 : 1.1.4.mail.18.winter@example.com
spider.paramautofillrule1 : 1.1.5.first.5.Peter
spider.paramautofillrule10 : 1.1.4.post.8.SW1A 1AA
spider.paramautofillrule11 : 1.1.4.area.3.555
spider.paramautofillrule12 : 1.1.5.phone.12.555-555-0199
spider.paramautofillrule13 : 1.1.3.tel.12.555-555-0199
spider.paramautofillrule14 : 1.1.3.ssn.11.123 45 6789
spider.paramautofillrule15 : 1.1.6.social.11.123 45 6789
spider.paramautofillrule16 : 1.1.3.age.2.30
spider.paramautofillrule17 : 1.1.3.day.2.01
spider.paramautofillrule18 : 1.1.5.month.2.01
spider.paramautofillrule19 : 1.1.4.year.4.1980
spider.paramautofillrule2 : 1.1.4.last.6.Winter
spider.paramautofillrule20 : 1.1.8.passport.10.0123456789
spider.paramautofillrule3 : 1.1.7.surname.6.Winter
spider.paramautofillrule4 : 1.1.4.name.12.Peter Winter
spider.paramautofillrule5 : 1.1.4.comp.17.Winter Consulting
spider.paramautofillrule6 : 1.1.4.addr.13.1 Main Street
spider.paramautofillrule7 : 1.1.4.city.11.Winterville
spider.paramautofillrule8 : 1.1.5.state.2.WI
spider.paramautofillrule9 : 1.1.3.zip.5.36310
spider.pausebeforeretry : 2000
spider.processproxyrequests : true
spider.proxylinkdepth : 0
spider.requestdynpageswithoutparams : true
spider.requestfolderroots : true
spider.requesttexttypesonly : true
spider.scopeexclude0 : 1.0.0.0.logout
spider.scopeexclude1 : 1.0.0.0.logoff
spider.scopeexclude2 : 1.0.0.0.exit
spider.scopeexclude3 : 1.0.0.0.signout
spider.scopeinclude0 : **empty**
spider.scopetype : 2
spider.setunmatchedfields : true
spider.SpiderUpdateCookieJar : true
spider.throttleinterval : 0
spider.throttlerandom : false
spider.usehttp11 : true
spider.usereferer : true
suite.allowHttpRequestsInHtmlRendering : true
suite.allowUnsafeRenegotiation : false
suite.analyseAndDisplayAmf : false
suite.autoSaveFolder :
suite.autoSaveInterval : 30
suite.autoselectsslparams : true
suite.charsetMode : __CharsetAutoRecognise
suite.collaboratorPollingLocation :
suite.collaboratorServerLocation :
suite.collaboratorServerType : 0
suite.colouriseRequests : true
suite.colouriseResponses : true
suite.disablesniextension : false
suite.dnstimeoutmilli : 300000
suite.doAutoSave : false
suite.dodnsoversocks : false
suite.dowwwauth : true
suite.dropoutofscope : false
suite.enableblockedsslalgorithms : true
suite.extension0 : PGVjPjx0PgAAAAABPC90PjxmPgMAAAAeL1VzZXJzL3RvZ2F3YS9EZXNrdG9wL29zd20uamFyPC9mPjxuPgMAAAAWT2dhU2VuZFRvV2luTWFyZ2UgdjAuOTwvbj48b28+AAAAAAI8L29vPjxlbz4AAAAAAjwvZW8+PGw+AgE8L2w+PGI+AgA8L2I+PC9lYz4=
suite.faileddnstimeoutmilli : 60000
suite.feedbackReportingEnabled : true
suite.hostresolverrule0 : **empty**
suite.hotkey0 : 131328.390.82.
suite.hotkey1 : 131584.390.73.
suite.hotkey10 : 266240.390.45.
suite.hotkey11 : 266496.390.61.
suite.hotkey12 : 393472.390.88.
suite.hotkey13 : 393728.390.67.
suite.hotkey14 : 393984.390.86.
suite.hotkey15 : 394240.390.90.
suite.hotkey16 : 394496.390.89.
suite.hotkey17 : 394752.390.65.
suite.hotkey18 : 395008.390.83.
suite.hotkey19 : 395040.390.44.
suite.hotkey2 : 262400.390.70.
suite.hotkey20 : 395072.390.46.
suite.hotkey21 : 395520.455.85.
suite.hotkey22 : 395776.390.85.
suite.hotkey23 : 396544.455.72.
suite.hotkey24 : 396800.390.72.
suite.hotkey25 : 397824.455.66.
suite.hotkey26 : 398080.390.66.
suite.hotkey27 : 399360.390.8.
suite.hotkey28 : 399616.390.127.
suite.hotkey29 : 399872.390.68.
suite.hotkey3 : 262912.390.84.
suite.hotkey30 : 400128.390.37.
suite.hotkey31 : 400384.455.37.
suite.hotkey32 : 400640.390.39.
suite.hotkey33 : 400896.455.39.
suite.hotkey34 : 401152.390.38.
suite.hotkey35 : 401408.455.38.
suite.hotkey36 : 401664.390.40.
suite.hotkey37 : 401920.455.40.
suite.hotkey38 : 402176.390.36.
suite.hotkey39 : 402432.455.36.
suite.hotkey4 : 263424.455.84.
suite.hotkey40 : 402688.390.35.
suite.hotkey41 : 402944.455.35.
suite.hotkey5 : 263680.455.80.
suite.hotkey6 : 264448.455.73.
suite.hotkey7 : 264704.455.82.
suite.hotkey8 : 265728.455.79.
suite.hotkey9 : 265984.455.65.
suite.inScopeOnly : false
suite.macro0 : **empty**
suite.messageFont : Courier
suite.messageFontSize : 12
suite.messageFontSmoothing : false
suite.normaltimeoutmilli : 120000
suite.promptforcredentials : false
suite.readtilclosetimeoutmilli : 10000
suite.redirDo3xxLocation : true
suite.redirDoJavascriptDriven : false
suite.redirDoMetaRefresh : true
suite.redirDoXxxLocation : false
suite.redirRefreshHeader : true
suite.remove100continueheaders : false
suite.saveOnExit : true
suite.scheduledtask0 : **empty**
suite.sessionrule0 : 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
suite.socksproxyhost :
suite.socksproxypassword :
suite.socksproxyport : 0
suite.socksproxyusername :
suite.sslcipher0 : TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
suite.sslcipher1 : TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
suite.sslcipher10 : TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
suite.sslcipher11 : TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
suite.sslcipher12 : TLS_DHE_RSA_WITH_AES_128_CBC_SHA
suite.sslcipher13 : TLS_DHE_DSS_WITH_AES_128_CBC_SHA
suite.sslcipher14 : TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
suite.sslcipher15 : TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
suite.sslcipher16 : TLS_RSA_WITH_AES_128_GCM_SHA256
suite.sslcipher17 : TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
suite.sslcipher18 : TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
suite.sslcipher19 : TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
suite.sslcipher2 : TLS_RSA_WITH_AES_128_CBC_SHA256
suite.sslcipher20 : TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
suite.sslcipher21 : TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
suite.sslcipher22 : TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
suite.sslcipher23 : SSL_RSA_WITH_3DES_EDE_CBC_SHA
suite.sslcipher24 : TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
suite.sslcipher25 : TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
suite.sslcipher26 : SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
suite.sslcipher27 : SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
suite.sslcipher28 : TLS_EMPTY_RENEGOTIATION_INFO_SCSV
suite.sslcipher3 : TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
suite.sslcipher4 : TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
suite.sslcipher5 : TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
suite.sslcipher6 : TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
suite.sslcipher7 : TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
suite.sslcipher8 : TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
suite.sslcipher9 : TLS_RSA_WITH_AES_128_CBC_SHA
suite.sslclientcertrule0 : **empty**
suite.sslprotocol0 : SSLv3
suite.sslprotocol1 : TLSv1
suite.sslprotocol2 : TLSv1.1
suite.sslprotocol3 : TLSv1.2
suite.storestreamingresponses : true
suite.stripCEfromstreamingresponses : true
suite.tempDir :
suite.uifontsize : 12
suite.uilookandfeel : Nimbus
suite.understand100continue : true
suite.upstreamproxyrule0 : **empty**
suite.useHttpForCollaboratorPolling : false
suite.usesocksproxy : false
suite.wwwcredentials0 : **empty**
target.dashboardstyle : SIDE_BY_SIDE
target.droprequestsscopeexclude0 : 1.0.0.0.logout
target.droprequestsscopeexclude1 : 1.0.0.0.logoff
target.droprequestsscopeexclude2 : 1.0.0.0.exit
target.droprequestsscopeexclude3 : 1.0.0.0.signout
target.droprequestsscopeinclude0 : **empty**
target.droprequestsscopetype : 2
target.hideemptyfolders : true
target.hideextensions : false
target.hideextensionsitems : js,gif,jpg,png,css
target.hidenotfound : true
target.scopeexclude0 : 1.0.0.0.logout
target.scopeexclude1 : 1.0.0.0.logoff
target.scopeexclude2 : 1.0.0.0.exit
target.scopeexclude3 : 1.0.0.0.signout
target.scopeinclude0 : **empty**
target.searchcasesensitive : false
target.searchnegative : false
target.searchregex : false
target.searchterm :
target.showextensions : false
target.showextensionsitems : asp,aspx,jsp,php
target.showmimecss : false
target.showmimeflash : true
target.showmimehtml : true
target.showmimeimages : false
target.showmimeotherbinary : false
target.showmimeothertext : true
target.showmimescript : true
target.showmimexml : true
target.showonlycommented : false
target.showonlyhighlighted : false
target.showonlyinscope : false
target.showonlyparameterized : false
target.showonlyrequested : false
target.showstatus2xx : true
target.showstatus3xx : true
target.showstatus4xx : false
target.showstatus5xx : true
target.streamingresponsesscopeinclude0 : **empty**
target.TargetUpdateCookieJar : false
以上です。多い・・・