Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Code sample included with "Burp Extensions in Python & Pentesting Custom Web Services" at
# These are java classes, being imported using python syntax (Jython magic)
from burp import IBurpExtender
from burp import IHttpListener
# These are plain old python modules, from the standard library
# (or from the "Folder for loading modules" in Burp>Extender>Options)
from datetime import datetime
class BurpExtender(IBurpExtender, IHttpListener):
def registerExtenderCallbacks(self, callbacks):
self._callbacks = callbacks
self._helpers = callbacks.getHelpers()
callbacks.setExtensionName("Burp Plugin Python Demo")
def processHttpMessage(self, toolFlag, messageIsRequest, currentRequest):
# only process requests
if not messageIsRequest:
requestInfo = self._helpers.analyzeRequest(currentRequest)
timestamp =
print "Intercepting message at:", timestamp.isoformat()
headers = requestInfo.getHeaders()
newHeaders = list(headers) #it's a Java arraylist; get a python list
newHeaders.append("Timestamp: " + timestamp.isoformat())
bodyBytes = currentRequest.getRequest()[requestInfo.getBodyOffset():]
bodyStr = self._helpers.bytesToString(bodyBytes)
newMsgBody = bodyStr + timestamp.isoformat()
newMessage = self._helpers.buildHttpMessage(newHeaders, newMsgBody)
print "Sending modified message:"
print "----------------------------------------------"
print self._helpers.bytesToString(newMessage)
print "----------------------------------------------\n\n"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.