-
-
Save mwielgoszewski/7026954 to your computer and use it in GitHub Desktop.
| from java.awt import Font | |
| from javax.swing import JScrollPane, JTextPane | |
| from javax.swing.text import SimpleAttributeSet | |
| from burp import IBurpExtender, IExtensionStateListener, IHttpListener, ITab | |
| import base64 | |
| import traceback | |
| class BurpExtender(IBurpExtender, IExtensionStateListener, IHttpListener, ITab): | |
| def registerExtenderCallbacks(self, callbacks): | |
| self.callbacks = callbacks | |
| self.helpers = callbacks.helpers | |
| self.scriptpane = JTextPane() | |
| self.scriptpane.setFont(Font('Monospaced', Font.PLAIN, 11)) | |
| self.scrollpane = JScrollPane() | |
| self.scrollpane.setViewportView(self.scriptpane) | |
| self._code = compile('', '<string>', 'exec') | |
| self._script = '' | |
| script = callbacks.loadExtensionSetting('script') | |
| if script: | |
| script = base64.b64decode(script) | |
| self.scriptpane.document.insertString( | |
| self.scriptpane.document.length, | |
| script, | |
| SimpleAttributeSet()) | |
| self._script = script | |
| self._code = compile(script, '<string>', 'exec') | |
| callbacks.registerExtensionStateListener(self) | |
| callbacks.registerHttpListener(self) | |
| callbacks.customizeUiComponent(self.getUiComponent()) | |
| callbacks.addSuiteTab(self) | |
| self.scriptpane.requestFocus() | |
| def extensionUnloaded(self): | |
| try: | |
| self.callbacks.saveExtensionSetting( | |
| 'script', base64.b64encode(self._script)) | |
| except Exception: | |
| traceback.print_exc(file=self.callbacks.getStderr()) | |
| return | |
| def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo): | |
| try: | |
| globals_ = {} | |
| locals_ = {'extender': self, | |
| 'callbacks': self.callbacks, | |
| 'helpers': self.helpers, | |
| 'toolFlag': toolFlag, | |
| 'messageIsRequest': messageIsRequest, | |
| 'messageInfo': messageInfo | |
| } | |
| exec(self.script, globals_, locals_) | |
| except Exception: | |
| traceback.print_exc(file=self.callbacks.getStderr()) | |
| return | |
| def getTabCaption(self): | |
| return 'Script' | |
| def getUiComponent(self): | |
| return self.scrollpane | |
| @property | |
| def script(self): | |
| end = self.scriptpane.document.length | |
| _script = self.scriptpane.document.getText(0, end) | |
| if _script == self._script: | |
| return self._code | |
| self._script = _script | |
| self._code = compile(_script, '<string>', 'exec') | |
| return self._code |
Is there any way to import more burp modules such as IParameter?
Great work. This has been published in BApp Store: https://portswigger.net/bappstore/eb563ada801346e6bdb7a7d7c5c52583.
Sample code:
if (messageIsRequest):
# Crude state:
fname="c:/BURP/mystate5.txt"
with open(fname,"r+") as myfile:
myvalue=myfile.read()
myvalue=int(myvalue)
myvalue+=1
print(myvalue)
myfile.seek(0)
myfile.write(str(myvalue))
myfile.truncate()
reqbytes=messageInfo.getRequest()
req=helpers.analyzeRequest(reqbytes)
headers=req.getHeaders()
mydate="date: Wed, 22 Feb 2019 14:40:"+str(myvalue)+" GMT"
headers.add(mydate)
print(mydate)
msgbody=reqbytes[(req.getBodyOffset()):]
newreq=helpers.buildHttpMessage(headers,msgbody)
messageInfo.setRequest(newreq)
👋 Hello there, i wanted to try this tool, but i am not sure how to use it, do you have documentation somewhere ?
Even better if you could show steps what needs to be done, what and where should you need to look for the result/output ..
Thanks
Is there any example? It's very hard understand how to use it without example
Is there any example? It's very hard understand how to use it without example
Simply adding header. The code is based on python. Consult python docs if you have issue.
Learn about returned object type from burp
If it's list, python list applies.
headers.add(mydate)
headers.append(mydate)
If it's object, you can call its method
messageInfo.getRequest()
Example codes : https://portswigger.net/burp/extender
Changed scope of
extender,callbacks, andhelpersvariables to the local variable scope. Result should be a slight increase in performance as we avoid searching the global namespace for a variable.