0

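Burp newbie writing an extension here... I'm trying to add a header to responses in order to test CSP rules. I've found plenty of resources for adding headers to requests, but nothing that works for responses. Here is my (non-working) code so far: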

def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):

    # determine what tool we would like to pass though our extension:
    if toolFlag == 4: #if tool is Proxy Tab
        # determine if request or response:
        if not messageIsRequest:#only handle responses
            response = messageInfo.getResponse() #get Response from IHttpRequestResponse instance
            responseStr = self._callbacks.getHelpers().bytesToString(response)
            responseParsed = self._helpers.analyzeResponse(response)
            body = responseStr[responseParsed.getBodyOffset():]
            headers = responseParsed.getHeaders()

            headers.add('MYHEADER: TEST')

            httpResponse = self._callbacks.getHelpers().buildHttpMessage(headers, body)
            return
4

1 Answer

8

I think you've settled on an extension, but you can do this in the standard version of the program.

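Proxy tab > Options tab in the second row > scroll down to Match and Replace > click Add > change the Type to Response header and put the new header in Replace. As the default text in Match says, "Leave blank to add a new header".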

Answered 2016-06-09T21:55:54.043
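For the extension route, the code in the question builds a new message with `buildHttpMessage` but never writes it back to `messageInfo`, so Burp forwards the original response. The following is an added example, not code from the question or the answer, showing a Jython listener that writes the change back with `setResponse`. The helper `with_header`, the extension name and the `Content-Security-Policy-Report-Only` test value are assumptions chosen for illustration.

```python
# Added example (not the poster's code). Runs as a Jython Burp extension;
# the fallback classes only let the file load outside Burp.
try:
    from burp import IBurpExtender, IHttpListener
except ImportError:
    class IBurpExtender(object):
        pass

    class IHttpListener(object):
        pass

TOOL_PROXY = 4  # value of IBurpExtenderCallbacks.TOOL_PROXY
# Constructed test policy (assumption): change to the CSP rule under test.
NEW_HEADER = "Content-Security-Policy-Report-Only: default-src 'self'"


def with_header(headers, new_header):
    """Return a new list in which new_header replaces any header of the
    same name; the status line at index 0 is always kept."""
    name = new_header.split(":", 1)[0].strip().lower()
    kept = [h for i, h in enumerate(headers)
            if i == 0 or h.split(":", 1)[0].strip().lower() != name]
    return kept + [new_header]


class BurpExtender(IBurpExtender, IHttpListener):
    def registerExtenderCallbacks(self, callbacks):
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()
        callbacks.setExtensionName("Add response header")  # hypothetical name
        callbacks.registerHttpListener(self)

    def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
        # Only touch responses passing through the Proxy tool.
        if toolFlag != TOOL_PROXY or messageIsRequest:
            return
        response = messageInfo.getResponse()
        info = self._helpers.analyzeResponse(response)
        body = response[info.getBodyOffset():]  # keep the body as raw bytes
        headers = with_header(info.getHeaders(), NEW_HEADER)
        # buildHttpMessage only returns the new message; it must be written
        # back with setResponse() or the original response is forwarded.
        messageInfo.setResponse(self._helpers.buildHttpMessage(headers, body))
```

Replacing a same-named header instead of appending a second copy keeps the test to one policy, since a browser enforces every CSP header it receives.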