
Code sample included with "Burp Extensions in Python & Pentesting Custom Web Services" at http://labs.neohapsis.com/

BurpPluginDemo.py
# These are java classes, being imported using python syntax (Jython magic)
from burp import IBurpExtender
from burp import IHttpListener
 
# These are plain old python modules, from the standard library
# (or from the "Folder for loading modules" in Burp>Extender>Options)
from datetime import datetime
 
class BurpExtender(IBurpExtender, IHttpListener):
    """Demo Burp extension: stamp each outgoing request with the current time.

    Written for Jython (Python 2 syntax; note the ``print`` statements).
    The extension registers itself as an HTTP listener and, for every
    request it is handed, appends a ``Timestamp:`` header and the same
    timestamp to the end of the body.

    NOTE(review): the listener does not look at ``toolFlag`` and performs no
    scope or host check, so every request passed to it is rewritten. Load it
    only for the engagement it is meant for, and unload it afterwards.
    """

    def registerExtenderCallbacks(self, callbacks):
        """Store Burp's callback/helper objects and register as a listener.

        ``callbacks`` is the object Burp passes in when the extension loads.
        """
        helpers = callbacks.getHelpers()
        self._callbacks = callbacks
        self._helpers = helpers
        callbacks.setExtensionName("Burp Plugin Python Demo")
        callbacks.registerHttpListener(self)

    def processHttpMessage(self, toolFlag, messageIsRequest, currentRequest):
        """Rewrite a request in place; responses are left untouched.

        ``toolFlag`` is accepted but never read, so the originating tool
        makes no difference. ``currentRequest`` is modified through
        ``setRequest`` and nothing is returned.
        """
        # Responses pass through unchanged.
        if not messageIsRequest:
            return

        helpers = self._helpers
        info = helpers.analyzeRequest(currentRequest)

        # One timestamp string is reused for the log line, header and body.
        stamp = datetime.now().isoformat()
        print "Intercepting message at:", stamp

        # getHeaders() hands back a Java list; copy it into a Python list
        # so it can be extended.
        outHeaders = list(info.getHeaders())
        outHeaders.append("Timestamp: " + stamp)

        # Everything from the body offset onward is the request body.
        rawRequest = currentRequest.getRequest()
        body = helpers.bytesToString(rawRequest[info.getBodyOffset():])
        rebuilt = helpers.buildHttpMessage(outHeaders, body + stamp)

        # NOTE(review): the whole rebuilt request is written to the
        # extension output, including any credentials or session values it
        # carries -- treat that output as sensitive.
        print "Sending modified message:"
        print "----------------------------------------------"
        print helpers.bytesToString(rebuilt)
        print "----------------------------------------------\n\n"

        currentRequest.setRequest(rebuilt)
