Hidden Features - Suite Editor

Websecurify Suite has a lot of hidden awesome features you can use in your own creative ways. For example, the Editor is a tool used extensively across all applications where HTTP request/response editing and viewing capabilities are required (the Resend and Retest utilities are good examples). However, it can be used in standalone mode as well, and this is what we are going to explore in this article.

First let's look at the following listing, which summarises the configurable parameters we can pass to the tool:

  • id - the identifier of this window. Your options and configurations will be stored against this unique name. For example, if you assign an id and change the theme, the change will be preserved, so you don't have to change the theme again next time.
  • theme - the color scheme currently used. The following themes are supported: default, ambiance, blackboard, cobalt, eclipse, elegant, erlang-dark, lesser-dark, monokai, neat, night, rubyblue, vibrant-ink and xq-dark.
  • mode - the syntax highlighting mode. We support the following syntax highlighters: httprequest, httpresponse, json, xml, html, css, javascript. In the very near future we will add more.
  • value - the value of the editor. You can actually specify the content of the editor via an option. More information will follow later in this post.
  • linenumbers - if line numbers should be displayed. Accepts true or false.
  • readonly - if the content of the editor is read-only. Accepts true or false. Sometimes you just want to display static text and not allow any editing capabilities.
  • nocursor - if the cursor should be hidden. Accepts true or false. Sometimes you don't want to see the cursor.
  • gutter - if the gutter should be displayed. Accepts true or false. Works very well with the linenumbers option, such as when you want to display the gutter but you don't want to show any line numbers.
  • firstlinenumber - the first line number. You may want to display a snippet in which case you want to start from a different line number instead of 1.
  • disabled - if the editor screen is disabled. Accepts true or false.

Some Practical Examples

Let's say that we want to create an editor for an HTTP request but we want to enable the gutter so that we can have line folding capabilities. The exact URL to the application will be: https://www.secapps.com/editor#gutter=true&mode=httprequest.

Notice that we are even able to highlight the JSON part of the request based on the content type header. This is awesome.

What else can we do? Let's say that you want to share this request with your esteemed colleagues. How do you do that? Since we are working with the editor directly, the process will be a bit manual, but it boils down to getting the value of the editor and embedding it as a property. First we need to encode the content as a URL-encoded value. We can use Arena for this.

Now we have the value so all we have to do next is to construct the URL which will look like this:

https://www.secapps.com/editor#gutter=true&m... trimmed for brevity

As you can see, this gives you a great degree of flexibility to do whatever you want. The most incredible thing about this tool is that, unlike other SaaS tools, you are not sending any of your data to us. Notice that all parameters come at the end of the URL as a URL fragment. URL fragments are not sent over the network: the browser leaves everything after the # out of the HTTP request. This means that the information you encapsulate inside the URL is yours to keep and we only provide the framework.
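The link construction and the fragment behaviour described above, as an added example that is not part of the original article and is not SecApps code. The helper names are hypothetical, the sample request is constructed, and the `key=value&key=value` fragment layout is assumed from the example URL in the article.

```javascript
// Added example (not SecApps code); helper names are hypothetical.
const EDITOR_BASE = 'https://www.secapps.com/editor'; // URL from the article
// Option names taken from the article's parameter list.
const KNOWN_OPTIONS = new Set(['id', 'theme', 'mode', 'value', 'linenumbers',
  'readonly', 'nocursor', 'gutter', 'firstlinenumber', 'disabled']);

// Build a shareable link: every option is placed in the URL fragment.
function buildEditorLink(options) {
  const pairs = [];
  for (const [key, val] of Object.entries(options)) {
    if (!KNOWN_OPTIONS.has(key)) throw new Error(`unknown option: ${key}`);
    // encodeURIComponent escapes CR/LF, '&', '=', '#' and non-ASCII bytes,
    // so a raw multi-line HTTP request survives as a single value.
    pairs.push(`${key}=${encodeURIComponent(String(val))}`);
  }
  return `${EDITOR_BASE}#${pairs.join('&')}`;
}

// Recover the options from a link (assumed key=value&key=value layout).
function parseEditorLink(link) {
  const fragment = new URL(link).hash.slice(1);
  const options = {};
  for (const pair of fragment.split('&')) {
    if (!pair) continue;
    const i = pair.indexOf('=');
    const key = i === -1 ? pair : pair.slice(0, i);
    options[key] = i === -1 ? '' : decodeURIComponent(pair.slice(i + 1));
  }
  return options;
}

// The part of the URL a browser uses to form the HTTP request:
// origin, path and query. The fragment is never included.
function networkVisiblePart(link) {
  const u = new URL(link);
  return u.origin + u.pathname + u.search;
}

// Constructed sample request; the body contains '&', '=' and '#' on purpose.
const SAMPLE_REQUEST = ['POST /api/login HTTP/1.1', 'Host: example.test',
  'Content-Type: application/json', '', '{"user":"alice","note":"a&b=c#d"}'].join('\r\n');

const link = buildEditorLink({ gutter: true, mode: 'httprequest', value: SAMPLE_REQUEST });
console.log(link);                     // full link to share
console.log(networkVisiblePart(link)); // what the server can see
```

The full link, fragment included, is still stored wherever it is pasted or opened (bug tracker, chat history, browser history), so handle it with the same care as the request it carries.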

The Suite Editor is perfect for sharing information on your internal bug tracking systems or across different teams without the need for copying and pasting or, even worse, making screenshots. It is just a link, so you can even embed it into PDF, Word and Excel documents.