burp-explain.md

What is Shadeless

Consists of 2 tools: Shadeless Burp extension and a Shadeless App server.

The Burp extension is copied from https://portswigger.net/bappstore/470b7057b86f41c396a97903377f3d81 for beautiful HTTP logging. We can also config for it to forward web traffics to the Shadeless App server.

Shadeless App server is responsible for storing and allow collaborators to query for web traffic HTTP. This enables bug hunters to work on a target for multiple days without missing endpoints, and we can also collaborate with each other to and look for missing API / features that each other have missed.

Architecture

How to install

• 1: Download Shadeless Burp latest release on https://stc.drstra.in/shadeless/shadeless.1.1.1.jar
• 2: Install shadeless jar file into your BurpSuite Pro: open Burpsuite > Extender tab > Press Add button > Select file shadeless jar file > Next
• You should see a new tab called Shadeless Burp added to your Burp panel.

How to use

• 1: If you only want to see log of packets, go to View Logs tab.

• 2: If you want to forward packets to Shadeless, press to the Options tab.

• 3: Then, press on Configure Shadeless Exporter:

  • Change Shadeless url to the URL of deployed Shadeless API server. For example, I have a self-hosted Shadeless Server at https://shadeless.drstra.in/, so I'd put https://shadeless.drstra.in/ into the Shadeless url.
  • Rename the project into a project name, this will create a new project on the Shadeless URL.
  • You might want to change Codename to your unique name.
  • Close the Configuration tab.

• 4: Press on Ping Shadeless API, if everything is correct, you should see message Reached Shadeless API successfully.

• 5: Press Start Shadeless Exporter, now every packets that go though your Burp will be forwarded to Shadeless API server.

If you are a LINE corp user using it in our infra and wants to login, please ping my Slack: lw13551.
Thanks :)