Creating Match Rules

August Detlefsen edited this page Jan 24, 2018 · 1 revision

Match rules are loaded from a tab-delimited file at extension startup. Each match rule consists of the following fields:

  1. A Java regular expression that matches the target string
  2. An integer specifying which capturing group contains the version number
  3. A short description of the software that was matched
  4. Vulnerability severity (High|Medium|Low)
  5. Vulnerability confidence (Certain|Firm|Tentative)
  6. The number of test strings to match in unit tests (optional, default 1)

For example, the match rule for Jetty looks like:

Jetty\s?\(?([a-z\d.]+)\)?    1                  Jetty       Low         Certain       2
^                            ^                  ^           ^           ^             ^
regex                        capturing group    software    severity    confidence    unit tests

Unit Tests

In addition to adding match rules, you should also add one or more example match strings to /src/test/resources/burp/testResponse.txt. The unit tests use these strings to verify that the match rules actually work.

For Jetty, there are two match strings specified:

Server: Jetty(9.4.0.v20161208)
ContainerVersion=Jetty 9.4.4.qstv15

When the unit tests run you will see output like the following, indicating that both test strings were matched:

Testing rule: Jetty\s?\(?([a-z\d.]+)\)? matches: 2
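
To check a new rule line before adding it to the rules file, the following stand-alone sketch parses the six fields described above and counts matches against sample strings. It is an added example, not the extension's own code: the class name MatchRuleCheck, the splitting on runs of tabs, and the use of find() for unanchored matching are assumptions, and it needs Java 16 or later.

```java
import java.util.*;
import java.util.regex.*;

// Hypothetical helper (not part of the extension): lints one tab-delimited
// match rule and counts how many sample strings it matches.
public class MatchRuleCheck {
    static final Set<String> SEVERITIES = Set.of("High", "Medium", "Low");
    static final Set<String> CONFIDENCES = Set.of("Certain", "Firm", "Tentative");

    record Rule(Pattern pattern, int group, String software,
                String severity, String confidence, int expectedMatches) {}

    static Rule parse(String line) {
        String[] f = line.split("\t+");   // assumption: fields separated by one or more tabs
        if (f.length < 5 || f.length > 6)
            throw new IllegalArgumentException("expected 5 or 6 fields, got " + f.length);
        Pattern p = Pattern.compile(f[0].trim());   // PatternSyntaxException on a bad regex
        int group = Integer.parseInt(f[1].trim());
        if (group < 0 || group > p.matcher("").groupCount())
            throw new IllegalArgumentException("capturing group " + group + " not in regex");
        if (!SEVERITIES.contains(f[3].trim()))
            throw new IllegalArgumentException("bad severity: " + f[3]);
        if (!CONFIDENCES.contains(f[4].trim()))
            throw new IllegalArgumentException("bad confidence: " + f[4]);
        int expected = f.length == 6 ? Integer.parseInt(f[5].trim()) : 1;   // optional, default 1
        return new Rule(p, group, f[2].trim(), f[3].trim(), f[4].trim(), expected);
    }

    public static void main(String[] args) {
        // Rule and first two sample strings are the Jetty ones from this page.
        Rule rule = parse("Jetty\\s?\\(?([a-z\\d.]+)\\)?\t1\tJetty\tLow\tCertain\t2");
        List<String> samples = List.of(
            "Server: Jetty(9.4.0.v20161208)",
            "ContainerVersion=Jetty 9.4.4.qstv15",
            "Server: nginx");   // constructed line that must not match
        int matches = 0;
        for (String s : samples) {
            Matcher m = rule.pattern().matcher(s);
            if (m.find()) {   // assumption: unanchored search, as the samples have prefixes
                matches++;
                System.out.println(rule.software() + " version "
                        + m.group(rule.group()) + " <- " + s);
            }
        }
        System.out.println("matches: " + matches + " (expected " + rule.expectedMatches() + ")");
        if (matches != rule.expectedMatches()) System.exit(1);
    }
}
```

The process exits with a non-zero status when the match count differs from field 6, which catches a rule that is too narrow for its own test strings or broad enough to match unrelated lines.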