Examples

Plugin for loading Burp state files from the command line:

# vim: set ts=4 sw=4 tw=79 fileencoding=utf-8:
from __future__ import absolute_import

from bluec0re import ICallback
from java.io import File

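class CmdlinePlugin(ICallback):
    """Restore a Burp state file named as the last command-line argument.

    The file is handed to ``callbacks.restoreState()``, which applies whatever
    the file contains to the running session, so only pass state files that
    come from a source you trust.
    """

    def __str__(self):
        return type(self).__name__

    def setCommandLineArgs(self, args):
        """Remember the arguments Burp Suite was started with."""
        self.args = args

    def registerExtenderCallbacks(self, callbacks):
        """Load the state file given as the last argument, if there is one.

        Nothing happens when fewer than two arguments were passed, when the
        last argument looks like an option (leading '-'), or when it does not
        name a regular file.
        """
        # setCommandLineArgs() may not have run yet; treat that as "no args"
        # instead of failing with AttributeError.
        args = getattr(self, 'args', None)
        if args is None or len(args) <= 1:
            return

        candidate = args[-1]
        if candidate.startswith('-'):
            return

        f = File(candidate)
        # isFile() rather than exists(): a directory also "exists" but is not
        # something restoreState() can load.
        if f.isFile():
            callbacks.restoreState(f)

    def toString(self):
        return 'CmdlinePlugin'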

Plugin for saving request/response items in a file (without the Burp-XML around it):

# vim: set ts=4 sw=4 tw=79 fileencoding=utf-8:
from __future__ import absolute_import

from bluec0re import ICallback
from burp import IMenuItemHandler
from java.io import File
from javax.swing import JFileChooser, JOptionPane

class PocPlugin(ICallback):
    """Burp extension that registers the 'Save PoC' menu item."""

    def toString(self):
        # Java-side name; note the capitalisation differs from the class name
        # that __str__ reports.
        return 'PoCPlugin'

    def __str__(self):
        return self.__class__.__name__

    def registerExtenderCallbacks(self, callbacks):
        """Attach a Handler instance to the 'Save PoC' menu item."""
        save_handler = Handler()
        callbacks.registerMenuItem('Save PoC', save_handler)

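class Handler(IMenuItemHandler):
    """Menu handler that writes the selected request/response items to a file.

    The output is the raw messages, each followed by a blank line. Raw
    requests and responses can carry session cookies, tokens and credentials,
    so treat the saved file as sensitive and store it accordingly.
    """

    def __init__(self, *args, **kwargs):
        super(Handler, self).__init__(*args, **kwargs)
        # Directory of the last successful save; None until the first one.
        self.dir = None

    def menuItemClicked(self, menuItemCaption, messageInfo):
        """Ask for a target file and save every item in ``messageInfo`` to it.

        Only reacts to the 'Save PoC' caption. If the chosen file exists the
        user decides between appending and overwriting; cancelling or closing
        that dialog aborts without touching the file. Errors are shown in a
        dialog and then re-raised.
        """
        if menuItemCaption != 'Save PoC':
            return

        if self.dir:
            fc = JFileChooser(self.dir)
        else:
            fc = JFileChooser()

        if fc.showSaveDialog(None) != JFileChooser.APPROVE_OPTION:
            return

        target = fc.getSelectedFile()

        try:
            # Binary modes: the messages are raw bytes and must not go through
            # newline translation on platforms that do it in text mode.
            mode = 'wb'
            if target.exists():
                res = JOptionPane.showConfirmDialog(None,
                        "File exists. Append?")
                # .get() so that closing the dialog (a value that is none of
                # YES/NO/CANCEL) aborts like Cancel instead of raising
                # KeyError.
                mode = {
                        JOptionPane.YES_OPTION: 'ab',
                        JOptionPane.NO_OPTION: 'wb',
                        }.get(res)

            if not mode:
                return

            fp = open(str(target.getAbsolutePath()), mode)
            try:
                for req_resp in messageInfo:
                    raw_messages = (req_resp.getRequest(),
                                    req_resp.getResponse())
                    for raw in raw_messages:
                        # An item without a response yields None here; skip it
                        # rather than fail half-way through the file.
                        if raw is None:
                            continue
                        fp.write(raw.tostring())
                        fp.write('\r\n\r\n')
            finally:
                # Close the file even when a write fails.
                fp.close()
        except Exception, e:
            JOptionPane.showMessageDialog(None,
                    "Error during save: " + str(e), "Error",
                    JOptionPane.ERROR_MESSAGE)
            raise

        JOptionPane.showMessageDialog(None,
                "File was successfully saved", "Ok",
                JOptionPane.INFORMATION_MESSAGE)
        self.dir = fc.getCurrentDirectory()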

The Java class that has to be implemented by the Python scripts (based on IBurpExtender):

package bluec0re;

import java.util.List;
import java.util.Map;
import burp.*;

/*
 * Based on:
 *
 * @(#)IBurpExtender.java
 *
 * Copyright PortSwigger Ltd. All rights reserved.
 * 
 * This code may be used to extend the functionality of Burp Suite and Burp
 * Suite Professional, provided that this usage does not violate the 
 * license terms for those products. 
 */

public abstract class ICallback
{
    /** Burp Proxy applies the current interception rules to the message. */
    public static final int ACTION_FOLLOW_RULES = 0;

    /** Burp Proxy shows the message to the user for manual review or editing. */
    public static final int ACTION_DO_INTERCEPT = 1;

    /** Burp Proxy forwards the message to the remote server or client. */
    public static final int ACTION_DONT_INTERCEPT = 2;

    /** Burp Proxy drops the message and closes the client connection. */
    public static final int ACTION_DROP = 3;

    /**
     * As {@link #ACTION_FOLLOW_RULES}, followed by a second call to
     * processProxyMessage.
     */
    public static final int ACTION_FOLLOW_RULES_AND_REHOOK = 0x10;

    /**
     * As {@link #ACTION_DO_INTERCEPT}, followed by a second call to
     * processProxyMessage.
     */
    public static final int ACTION_DO_INTERCEPT_AND_REHOOK = 0x11;

    /**
     * User interception is skipped, followed by a second call to
     * processProxyMessage.
     */
    public static final int ACTION_DONT_INTERCEPT_AND_REHOOK = 0x12;

    /**
     * Receives the command-line arguments Burp Suite was started with.
     * Invoked immediately after the implementation's constructor, so that an
     * implementation can define its own arguments and adjust its behaviour
     * at runtime.
     *
     * @param args The command-line arguments passed to Burp Suite on startup.
     */
    public abstract void setCommandLineArgs(String[] args);

    /**
     * Invoked on startup with an <code>IBurpExtenderCallbacks</code>
     * instance whose methods the implementation may call to perform various
     * actions.
     *
     * <p>The call need not return; the implementation may use the invoking
     * thread for any purpose.
     *
     * @param callbacks An implementation of the
     * <code>IBurpExtenderCallbacks</code> interface.
     */
    public abstract void registerExtenderCallbacks(burp.IBurpExtenderCallbacks callbacks);

    /**
     * Invoked by Burp Proxy for every client request and server response it
     * receives. The implementation may log the message, modify it, choose an
     * action (intercept, drop, etc.) or do any other processing.
     *
     * @param messageReference Identifier unique to one request/response
     * pair; use it to correlate a response with its request.
     * @param messageIsRequest Whether the message is a client request or a
     * server response.
     * @param remoteHost The hostname of the remote HTTP server.
     * @param remotePort The port of the remote HTTP server.
     * @param serviceIsHttps Whether the protocol is HTTPS or HTTP.
     * @param httpMethod The method verb used in the client request.
     * @param url The requested URL.
     * @param resourceType The filetype of the requested resource, or a
     * zero-length string if it has none.
     * @param statusCode The HTTP status code returned by the server;
     * <code>null</code> for request messages.
     * @param responseContentType The content-type string returned by the
     * server; <code>null</code> for request messages.
     * @param message The full HTTP message.
     * @param action A one-element array through which the implementation
     * tells Burp Proxy which interception action to apply. It defaults to
     * <code>ACTION_FOLLOW_RULES</code>; set <code>action[0]</code> to one of
     * the other values for a different action.
     * @return Either (a) the same object received in the
     * <code>message</code> parameter, or (b) a different object containing a
     * modified message.
     */
    public abstract byte[] processProxyMessage(
            int messageReference, boolean messageIsRequest,
            String remoteHost, int remotePort, boolean serviceIsHttps,
            String httpMethod, String url, String resourceType,
            String statusCode, String responseContentType,
            byte[] message, int[] action);

    /**
     * Invoked whenever any Burp tool makes an HTTP request or receives a
     * response, letting extensions intercept and modify the HTTP traffic of
     * all Burp tools. Requests are passed in after the invoking tool has
     * fully processed them and just before they go out on the network;
     * responses are passed in after they arrive from the network and before
     * the invoking tool processes them.
     *
     * @param toolName The name of the Burp tool which is making the request.
     * @param messageIsRequest Whether the message is a request or a response.
     * @param messageInfo Details of the HTTP message.
     */
    public abstract void processHttpMessage(
            String toolName, boolean messageIsRequest,
            IHttpRequestResponse messageInfo);

    /**
     * Invoked whenever Burp Scanner discovers a new, unique issue; can be
     * used for customised reporting or logging of issues.
     *
     * @param issue Details of the new scan issue.
     */
    public abstract void newScanIssue(IScanIssue issue);

    /**
     * Invoked immediately before Burp Suite exits, so that the
     * implementation can clean up (e.g. flush log files or close database
     * resources).
     */
    public abstract void applicationClosing();
}

A start script for Burp Suite that automatically loads CmdlinePlugin and PoCPlugin:

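#!/bin/sh
# Start Burp Suite with the Python plugin loader on the classpath. Every
# output line is echoed; when a line containing "Listen" appears, the text
# after its last ':' is taken as a port and the commands that load the two
# example plugins are sent to it with nc.
#
# Uses POSIX sh constructs only, so the #!/bin/sh line also holds on systems
# where sh is not bash.

# Fill in the three installation directories before use.
BURP_PATH=
JYTHON_PATH=
PLUGIN_PATH=
CP="$PLUGIN_PATH/burp_python.jar:$JYTHON_PATH/jython.jar:$BURP_PATH/burpsuite_pro_v1.4.05.jar"

# "$CP" and "$@" are quoted so that paths and arguments containing spaces
# (for example a state file name) reach java as single words.
java -Xmx1536m -classpath "$CP" burp.StartBurp "--python-home=$JYTHON_PATH/Lib" "$@" 2>&1 |
while IFS= read -r line
do
    case $line in
        *Listen*)
            port=$(printf '%s\n' "$line" | sed 's/.*://' | tr -d '[:space:]')
            case $port in
                ''|*[!0-9]*)
                    # Not a plain port number: do not pass program output
                    # on to nc as an argument.
                    ;;
                *)
                    # NOTE(review): nothing visible here authenticates this
                    # connection, and the commands sent load plugin code.
                    # Confirm that only the local user can reach the port.
                    printf 'cd %s\nadd CmdlinePlugin\nadd PoCPlugin\ncd %s\nquit\n\n' \
                        "$PLUGIN_PATH" "$(pwd)" | nc localhost "$port"
                    ;;
            esac
            ;;
    esac
    printf '%s\n' "$line"
done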
