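Burp newbie writing an extension here... I'm trying to add a header to responses in order to test CSP rules. I've found plenty of resources on adding headers to requests, but none that cover responses. Here is my (non-working) code so far: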
    def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
        # determine what tool we would like to pass through our extension:
        if toolFlag == 4:  # if tool is Proxy Tab
            # determine if request or response:
            if not messageIsRequest:  # only handle responses
                response = messageInfo.getResponse()  # get Response from IHttpRequestResponse instance
                responseStr = self._callbacks.getHelpers().bytesToString(response)
                responseParsed = self._helpers.analyzeResponse(response)
                body = responseStr[responseParsed.getBodyOffset():]
                headers = responseParsed.getHeaders()
                headers.add('MYHEADER: TEST')
                httpResponse = self._callbacks.getHelpers().buildHttpMessage(headers, body)
        return
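
An added example, not part of the original post: a complete Jython listener that writes the rebuilt response back with `messageInfo.setResponse(...)`, the call that is missing from the snippet above, since `buildHttpMessage` only returns new bytes. `CSP_HEADER`, `CSP_VALUE` and `with_header` are illustrative names and the policy value is an assumed placeholder; the fallback classes exist only so the file can be imported outside Burp.

```python
# Added example (not the poster's code). Runs inside Burp under Jython; the
# fallback classes below only let the file be imported outside Burp.
try:
    from burp import IBurpExtender, IHttpListener
except ImportError:
    class IBurpExtender(object): pass
    class IHttpListener(object): pass

TOOL_PROXY = 4  # same value as IBurpExtenderCallbacks.TOOL_PROXY
# Assumed policy under test; replace with the rule set you want to try.
CSP_HEADER = "Content-Security-Policy"
CSP_VALUE = "default-src 'self'"


def with_header(headers, name, value):
    """Return a new header list with `name` set exactly once.

    headers[0] is the status line and is always kept. Existing copies of the
    header are dropped because browsers enforce every CSP header they receive,
    so a leftover server policy would skew the test.
    """
    headers = list(headers)  # copy the java.util.List into a Python list
    prefix = name.lower() + ":"
    kept = [h for h in headers[1:] if not h.lower().startswith(prefix)]
    return [headers[0]] + kept + ["%s: %s" % (name, value)]


class BurpExtender(IBurpExtender, IHttpListener):
    def registerExtenderCallbacks(self, callbacks):
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()
        callbacks.setExtensionName("CSP response header injector")
        callbacks.registerHttpListener(self)

    def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
        if toolFlag != TOOL_PROXY or messageIsRequest:
            return  # only rewrite responses passing through the Proxy
        response = messageInfo.getResponse()
        info = self._helpers.analyzeResponse(response)
        # Slice the raw bytes, not a decoded string, so binary bodies survive.
        body = response[info.getBodyOffset():]
        headers = with_header(info.getHeaders(), CSP_HEADER, CSP_VALUE)
        # buildHttpMessage only returns the new bytes; nothing changes until
        # they are written back onto the message.
        messageInfo.setResponse(self._helpers.buildHttpMessage(headers, body))
```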