BURP WORKSHOP
Burp Development Introduction
Speaker: Tim Guenther
DEMO APP
GOAL
Create an extension to automate the base64 encoding.
OR
Create your own extension and ask for help.
BURP PROJECT
burp/BurpExtender.java
void registerExtenderCallbacks(IBurpExtenderCallback)- CALLBACKS: inter process communication between burp and extension
- EXTENSION HELPERS: useful classes for conversion of different burp api objects
- Register other listeners for burp via the callback
burp/owasp/ModifyHTTPRequest.java
void processHttpMessage(toolFlag, isRequest, HttpRequestResponse)- ToolFlag: an integer defining the origin or target tool, e.g. Proxy, Scanner or Intruder
- isRequest: determines whether the HTTP message is a request or response
- httpRequestResponse: all info about the HTTP message is stored in this object. For responses, related request is stored inside too.
- All messages from all tools will proxy through this function
Clone The repository and start.
Thank you for your attention
This presentation was created with reveal.js
Resources on the next slide.
RESOURCES
- Demo Projects: https://portswigger.net/burp/extender/
- Burp JavaDoc: https://portswigger.net/burp/extender/api/index.html
- My Burp Template: https://github.com/TimGuenther/burp-base
Requirements: (tested setup)
- Netbeans 8.1
- Burp Suite Pro 1.7.03
- Java OpenJDK 1.7
- Maven 2.2.1