Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Code sample included with "Burp Extensions in Python & Pentesting Custom Web Services" at
# These are java classes, being imported using python syntax (Jython magic)
from burp import IBurpExtender
from burp import IHttpListener
# These are plain old python modules, from the standard library
# (or from the "Folder for loading modules" in Burp>Extender>Options)
from datetime import datetime
class BurpExtender(IBurpExtender, IHttpListener):
def registerExtenderCallbacks(self, callbacks):
self._callbacks = callbacks
self._helpers = callbacks.getHelpers()
callbacks.setExtensionName("Burp Plugin Python Demo")
def processHttpMessage(self, toolFlag, messageIsRequest, currentRequest):
# only process requests
if not messageIsRequest:
requestInfo = self._helpers.analyzeRequest(currentRequest)
timestamp =
print "Intercepting message at:", timestamp.isoformat()
headers = requestInfo.getHeaders()
newHeaders = list(headers) #it's a Java arraylist; get a python list
newHeaders.append("Timestamp: " + timestamp.isoformat())
bodyBytes = currentRequest.getRequest()[requestInfo.getBodyOffset():]
bodyStr = self._helpers.bytesToString(bodyBytes)
newMsgBody = bodyStr + timestamp.isoformat()
newMessage = self._helpers.buildHttpMessage(newHeaders, newMsgBody)
print "Sending modified message:"
print "----------------------------------------------"
print self._helpers.bytesToString(newMessage)
print "----------------------------------------------\n\n"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment