from burp import IBurpExtender
from burp import IHttpListener
import json
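class BurpExtender(IBurpExtender, IHttpListener):
    """Burp extension that tags GraphQL requests with their operation name.

    For POST requests seen by the Target and Proxy tools, the request body is
    parsed as JSON and its "operationName" value is appended to the message
    comment, so that otherwise identical-looking GraphQL requests can be told
    apart in Burp's tables.
    """

    def registerExtenderCallbacks(self, callbacks):
        """Store the Burp callbacks and helpers and register as an HTTP listener.

        Args:
            callbacks: the callbacks object Burp passes to the extension.
        """
        # Keep references for use in processHttpMessage.
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()
        callbacks.setExtensionName("GraphQL Operation Logger")
        callbacks.registerHttpListener(self)

    def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
        """Append the GraphQL operation name of a POST request to its comment.

        Args:
            toolFlag: identifier of the Burp tool that issued the message.
            messageIsRequest: not consulted; the method always reads the
                request side of messageInfo, so it must be safe to run more
                than once for the same message (see the duplicate guard below).
            messageInfo: the request/response item being processed.
        """
        if toolFlag not in (self._callbacks.TOOL_TARGET,
                            self._callbacks.TOOL_PROXY):
            return

        # Analyze the request once instead of once per field.
        requestInfo = self._helpers.analyzeRequest(messageInfo)
        if requestInfo.getMethod() != 'POST':
            return

        bodyBytes = messageInfo.getRequest()[requestInfo.getBodyOffset():]
        body = self._helpers.bytesToString(bodyBytes)

        # The body comes from proxied traffic and is not trusted: anything that
        # is not a JSON object with a non-empty string "operationName" is
        # skipped explicitly, rather than relying on a bare except that would
        # also hide real bugs in this extension.
        try:
            bodyJson = json.loads(body)
        except ValueError:
            return
        if not isinstance(bodyJson, dict):
            # e.g. a batched request sent as a JSON array; not handled here.
            return
        operationName = bodyJson.get("operationName")
        # type("") / type(u"") covers both byte and unicode strings without
        # naming a type that only exists on one Python major version.
        if not isinstance(operationName, (type(""), type(u""))):
            return
        if not operationName:
            return

        # getComment() may return None when no comment has been set.
        existing = messageInfo.getComment() or ""

        # Skip when the name is already recorded, so a second invocation for
        # the same message does not duplicate it.
        if existing == operationName or existing.endswith(" " + operationName):
            return

        # Preserve a comment set by the user or another extension, with the
        # separator placed between the old text and the operation name.
        if existing:
            messageInfo.setComment(existing + " " + operationName)
        else:
            messageInfo.setComment(operationName)

        # Optional: uncomment to also highlight tagged requests.
        # messageInfo.setHighlight("cyan")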