your tools!
- Often find ourselves writing one-off scripts
  - The same scripts over and over again
- Burp Extender
  - Allows developers to extend Burp Suite functionality
functionality
- Implement the IBurpExtender interface, among others
- Problems:
  - One implementation per JVM instance
  - if/then/else and switches galore
  - JAVA!
- A JRuby implementation of the IBurpExtender interface
  - Eric Monti / Timur Duehr
  - Acts as a method proxy between Java and Ruby
  - https://github.com/tduehr/buby
- Example Usage:
  - http://carnal0wnage.attackresearch.com/2011/05/buby-script-basics-part-1.html
- A Jython implementation of the IBurpExtender interface
  - https://github.com/mwielgoszewski/jython-burp-api
- Example Usage:
  - http://webstersprodigy.net/2012/07/06/some-practical-arp-poison-attacks-with-scapy-iptables-and-burp/
write Burp plugins
  - Pythonic interface to HTTP request objects
- Process requests/responses in filterchain-like fashion
  - On a tool-by-tool basis
- Watchdog-like monitoring for code reloading
  - No more having to reload the JVM each time
- Cuts out a lot of the boilerplate
  - Less code we have to write
for Components to "plug in" to
- An extension point specifies the contract that extenders must conform to via an Interface subclass
- To hook one of these extension points, implement the Interface and enable the plugin in burp.ini
- For example, if a plugin implements:
  - IProxyRequestHandler, IIntruderResponseHandler
  - processRequest() called on requests sent via Proxy
  - processResponse() called on responses received via Intruder
- Allows for customized hooking and request/response manipulation on a tool-by-tool basis
MenuItem interface
  - Implement the menuItemClicked method
  - Set a CAPTION

    class MyMenuItem(MenuItem):
        # Caption set for this menu item
        CAPTION = "My Menu Item"

        def menuItemClicked(self, caption, messages):
            # Wrap each message passed in and print its URL
            for message in messages:
                req = HttpRequest(message)
                print "From Menu ->", req.url.geturl()

burp.ini:

    [menus]
    examplepackage.MyMenuItem = enabled
new issue
  - Automatically log issues to a central bug tracker?

    class IssueLogger(Component):
        implements(INewScanIssueHandler)

        # Host of the bug tracker, taken from configuration
        jira_host = Option("scanner", "jira_host")

        def newScanIssue(self, issue):
            # POST https://{jira_host}/rest/api/2/issue/
            pass
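
One way the newScanIssue stub above could prepare that POST, as an added example that is not from the slides or from jython-burp-api. SampleIssue, fingerprint, build_jira_request, MAX_DETAIL, the label names and the hosts and project key in any call are assumptions; the issue getters are the ones Burp's IScanIssue exposes, and the request is built but never sent.

```python
import hashlib
import json

MAX_DETAIL = 2000  # assumed cap: issue detail can quote response content


class SampleIssue(object):
    """Constructed stand-in for Burp's IScanIssue (same getter names)."""
    def __init__(self, name, severity, confidence, url, detail):
        self._f = (name, severity, confidence, url, detail)
    def getIssueName(self): return self._f[0]
    def getSeverity(self): return self._f[1]
    def getConfidence(self): return self._f[2]
    def getUrl(self): return self._f[3]
    def getIssueDetail(self): return self._f[4]


def fingerprint(issue):
    """Stable key per finding so a rescan does not file a duplicate ticket."""
    raw = "|".join([issue.getIssueName(), issue.getSeverity(), str(issue.getUrl())])
    return hashlib.sha256(raw.encode("utf-8")).hexdigest()[:16]


def build_jira_request(issue, jira_host, project_key, seen):
    """Return (url, headers, body) for the create-issue POST, or None if already filed."""
    key = fingerprint(issue)
    if key in seen:
        return None
    seen.add(key)
    # Truncate the detail so large response excerpts do not land in the tracker
    detail = (issue.getIssueDetail() or "")[:MAX_DETAIL]
    fields = {
        "project": {"key": project_key},   # hypothetical project key
        "issuetype": {"name": "Bug"},
        "summary": "[Burp] %s (%s)" % (issue.getIssueName(), issue.getSeverity()),
        "description": "URL: %s\nConfidence: %s\nFingerprint: %s\n\n%s" % (
            issue.getUrl(), issue.getConfidence(), key, detail),
        "labels": ["burp-scanner", "severity-" + issue.getSeverity().lower()],
    }
    url = "https://%s/rest/api/2/issue/" % jira_host
    headers = {"Content-Type": "application/json"}
    return url, headers, json.dumps({"fields": fields})
```

The `seen` set only lasts for one session; persisting the fingerprints, or searching the tracker for the fingerprint string, would carry de-duplication across restarts.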
plugins
  - Run plugins simultaneously
  - Interactive console
  - Filterchain-like processing of requests/responses
  - Simplified configuration and logging
  - Automatic code-reloading
  - Less boilerplate