Customizing Burp Suite - Getting the Most out of Burp Extensions

This lecture gives pentesters and security tool developers an overview of the APIs available to extend the Burp Suite intercepting proxy. Using open-source examples developed by the author, I illustrate a number of key areas for anyone wishing to create extensions for Burp Suite:

- Passive scanning
- Active scanning
- Identifying insertion points
- Request modification

The presentation includes code samples and links to actual open source Burp Suite plugins developed by the author.

  1. AppSec USA 2014, Denver, Colorado. Customizing Burp Suite: Getting the Most out of Burp Extensions
  2. August Detlefsen, Senior Application Security Consultant, Author • augustd@codemagi.com • @codemagi • http://www.codemagi.com/blog
  3. Burp Suite • Burp Suite is a powerful tool for performing security assessments • The Burp Extender (plugin) API allows new features to be added: www.portswigger.net/burp/extender
  4. What Can I Do With Plugins? • Passive scanning • Active scanning • Alter/append requests • Define insertion points for Scanner/Intruder • Create new payload types • Automate authentication • Much, much more
  5. Prerequisites • Burp Suite Pro v1.5.x+ • Java 1.6.x+ • NetBeans • Other programming languages: Jython, JRuby
  6. Creating an Extension • Download the Extender API from PortSwigger: portswigger.net/burp/extender/api/burp_extender_api.zip • Or export the API from within Burp
  7. Creating an Extension • Create a new project with existing sources
  8. Creating an Extension • Create the BurpExtender class, in package ‘burp’, implementing IBurpExtender
  9. Creating an Extension
  10. Creating an Extension • Implement registerExtenderCallbacks()
  11. Load the Extension into Burp Suite
  12. Building a Passive Scanner: Passive Scanning • Search responses for problematic values • Built-in passive scans: credit card numbers, known passwords, missing headers
  13. Building a Passive Scanner: Passive Scanning, Room for Improvement • Error messages • Software version numbers
  14. Building a Passive Scanner: Building a Passive Scanner • Implement the IScannerCheck interface • Register the extension as a scanner check (callbacks.registerScannerCheck())
  15. Building a Passive Scanner: IScannerCheck.doPassiveScan()
  16. Building a Passive Scanner: IScannerCheck.doPassiveScan() (continued)
  17. Building a Passive Scanner: IScannerCheck.consolidateDuplicateIssues() • Ensure an issue is only posted to the scanner once
  18. Building a Passive Scanner: IScannerCheck.doActiveScan() • Only needed for active scans; a passive-only check returns null here
  19. Building an Active Scanner: Active Scanning • Issue requests containing attacks • Look for an indication of success in the response • Built-in active scans: XSS, SQL injection, path traversal, etc.
  20. Building an Active Scanner: IScannerCheck.doActiveScan()
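The slides on IScannerCheck show the method signatures but not a complete check. The following is an added example written for this page, not the author's code or any of the codemagi.com plugins: a single IScannerCheck whose doPassiveScan() flags version numbers leaked in response headers (the "room for improvement" item from slide 13) and whose doActiveScan() sends a probe into each insertion point and looks for unencoded reflection. The header list, the probe string and the SimpleIssue class are assumptions made for the example; the Burp API calls (registerScannerCheck, analyzeResponse, makeHttpRequest, buildRequest, getPayloadOffsets, applyMarkers) are the standard legacy Extender API.

```java
package burp;

import java.net.URL;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

// Added example, not the talk's code. One IScannerCheck that does both jobs: a passive check
// for version numbers leaked in response headers, and an active check that probes each
// insertion point for unencoded reflection. Header list and probe string are assumptions.
public class BurpExtender implements IBurpExtender, IScannerCheck {
    private IBurpExtenderCallbacks callbacks;
    private IExtensionHelpers helpers;
    // headers that commonly carry a product version (assumed list for this example)
    private static final String[] LEAKY_HEADERS = {"Server:", "X-Powered-By:", "X-AspNet-Version:"};
    private static final Pattern VERSION = Pattern.compile("\\d+\\.\\d+(\\.\\d+)*");
    // hypothetical probe: a rare token wrapped in characters a correct encoder would escape
    private static final String PROBE = "<zqx9'\"zqx9>";

    @Override
    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
        this.callbacks = callbacks;
        this.helpers = callbacks.getHelpers();
        callbacks.setExtensionName("Version leak + reflection check (example)");
        callbacks.registerScannerCheck(this);   // Burp now calls doPassiveScan/doActiveScan
    }

    @Override
    public List<IScanIssue> doPassiveScan(IHttpRequestResponse base) {
        byte[] response = base.getResponse();
        if (response == null) return null;
        List<IScanIssue> issues = new ArrayList<>();
        for (String header : helpers.analyzeResponse(response).getHeaders()) {
            for (String name : LEAKY_HEADERS) {
                if (header.regionMatches(true, 0, name, 0, name.length()) && VERSION.matcher(header).find()) {
                    issues.add(issue(base, null, marker(response, header),
                        "Software version disclosed in response header",
                        "The response header <b>" + header + "</b> reveals a software version.", "Low", "Certain"));
                }
            }
        }
        return issues.isEmpty() ? null : issues;   // null means nothing to report
    }

    @Override
    public List<IScanIssue> doActiveScan(IHttpRequestResponse base, IScannerInsertionPoint point) {
        byte[] probe = helpers.stringToBytes(PROBE);
        // buildRequest() puts the payload into this insertion point, encoded as the point requires
        IHttpRequestResponse attack = callbacks.makeHttpRequest(base.getHttpService(), point.buildRequest(probe));
        byte[] response = attack.getResponse();
        if (response == null || helpers.indexOf(response, probe, false, 0, response.length) < 0) return null;
        List<IScanIssue> issues = new ArrayList<>();
        issues.add(issue(attack, point.getPayloadOffsets(probe), marker(response, PROBE),
            "Unencoded reflection of input",
            "Input in <b>" + point.getInsertionPointName() + "</b> is echoed in the response without encoding.",
            "Medium", "Firm"));
        return issues;
    }

    @Override
    public int consolidateDuplicateIssues(IScanIssue existing, IScanIssue fresh) {
        // same detail at the same URL: keep the existing issue (-1); otherwise report both (0)
        return existing.getIssueDetail().equals(fresh.getIssueDetail()) ? -1 : 0;
    }

    // [start, end) of the first occurrence of text in data, used to highlight it in the issue view
    private List<int[]> marker(byte[] data, String text) {
        int start = helpers.indexOf(data, helpers.stringToBytes(text), false, 0, data.length);
        List<int[]> marks = new ArrayList<>();
        if (start >= 0) marks.add(new int[]{start, start + text.length()});
        return marks;
    }

    private IScanIssue issue(IHttpRequestResponse msg, int[] requestMark, List<int[]> responseMarks,
                             String name, String detail, String severity, String confidence) {
        List<int[]> requestMarks = new ArrayList<>();
        if (requestMark != null) requestMarks.add(requestMark);
        IHttpRequestResponse marked = callbacks.applyMarkers(msg, requestMarks, responseMarks);
        URL url = helpers.analyzeRequest(msg).getUrl();
        return new SimpleIssue(msg.getHttpService(), url, marked, name, detail, severity, confidence);
    }

    // Minimal IScanIssue; 0x08000000 is the issue type Burp reserves for extension-generated issues
    static class SimpleIssue implements IScanIssue {
        private final IHttpService service; private final URL url; private final IHttpRequestResponse msg;
        private final String name, detail, severity, confidence;
        SimpleIssue(IHttpService s, URL u, IHttpRequestResponse m, String n, String d, String sev, String conf) {
            service = s; url = u; msg = m; name = n; detail = d; severity = sev; confidence = conf;
        }
        public URL getUrl() { return url; }
        public String getIssueName() { return name; }
        public int getIssueType() { return 0x08000000; }
        public String getSeverity() { return severity; }
        public String getConfidence() { return confidence; }
        public String getIssueBackground() { return null; }
        public String getRemediationBackground() { return null; }
        public String getIssueDetail() { return detail; }
        public String getRemediationDetail() { return null; }
        public IHttpRequestResponse[] getHttpMessages() { return new IHttpRequestResponse[]{msg}; }
        public IHttpService getHttpService() { return service; }
    }
}
```

Two points a practitioner will care about: doActiveScan() is invoked once per insertion point, so every request it makes multiplies across the whole site; keep the probe count per point small. And consolidateDuplicateIssues() is what stops a passive check from re-reporting the same Server header on every page; comparing the issue detail (which embeds the header) is enough here, but a check that embeds a timestamp or request-specific text in the detail would need to compare on something stable.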
  21. Building an Active Scanner: Insertion Points • Locations of parameters in the request • Contain data the server will act upon
  22. Building an Active Scanner
  23. Building an Active Scanner
  24. Building an Active Scanner: Defining Insertion Points • Implement IScannerInsertionPointProvider: getInsertionPoints() • Register as an insertion point provider
  25. Building an Active Scanner: BurpExtender.getInsertionPoints()
  26. Building an Active Scanner
  27. Building an Active Scanner: Viewing Insertion Points • Add a menu option to send the request to Intruder • Implement IContextMenuFactory: createMenuItems() • Register as a menu factory
  28. Building an Active Scanner: BurpExtender.createMenuItems()
  29. Building an Active Scanner: MenuItemListener
  30. Building an Active Scanner: BurpExtender.sendGWTToIntruder()
  31. Building an Active Scanner
  32. Building an Active Scanner
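Slides 21 through 32 describe two pieces that share one parser: an insertion point provider so Scanner can attack values inside a request body Burp does not understand, and a context-menu item that sends the same request to Intruder with payload positions already marked. The author's extension does this for GWT-RPC (hence sendGWTToIntruder()); the code below is an added example written for this page, not the author's, and uses a made-up stand-in format instead: a body of the form `name:value|name:value` sent with the invented Content-Type `application/x-example-rpc`. The format, the content type and the menu label are assumptions; the Burp calls (registerScannerInsertionPointProvider, registerContextMenuFactory, getSelectedMessages, buildHttpMessage, sendToIntruder) are the legacy Extender API. Body offsets are treated as byte offsets, which holds because bytesToString() maps one byte to one char.

```java
package burp;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.swing.JMenuItem;

// Added example, not the talk's code. Parses a hypothetical "name:value|name:value" body,
// exposes each value as a Scanner insertion point, and offers a context-menu item that sends
// the request to Intruder with the same positions marked.
public class BurpExtender implements IBurpExtender, IScannerInsertionPointProvider, IContextMenuFactory {
    private static final String CONTENT_TYPE = "application/x-example-rpc";   // assumed
    private IBurpExtenderCallbacks callbacks;
    private IExtensionHelpers helpers;

    @Override
    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
        this.callbacks = callbacks;
        this.helpers = callbacks.getHelpers();
        callbacks.setExtensionName("Example RPC insertion points");
        callbacks.registerScannerInsertionPointProvider(this);
        callbacks.registerContextMenuFactory(this);
    }

    // One {offsetOfValueWithinBody, valueLength} pair per field, or null if the body is not ours
    private List<int[]> valueRanges(byte[] request) {
        IRequestInfo info = helpers.analyzeRequest(request);
        boolean ours = false;
        for (String h : info.getHeaders())
            if (h.toLowerCase().startsWith("content-type:") && h.contains(CONTENT_TYPE)) ours = true;
        if (!ours) return null;
        String body = helpers.bytesToString(Arrays.copyOfRange(request, info.getBodyOffset(), request.length));
        List<int[]> ranges = new ArrayList<>();
        int pos = 0;
        for (String field : body.split("\\|", -1)) {
            int colon = field.indexOf(':');
            if (colon >= 0) ranges.add(new int[]{pos + colon + 1, field.length() - colon - 1});
            pos += field.length() + 1;   // step over the field and its trailing '|'
        }
        return ranges;
    }

    @Override
    public List<IScannerInsertionPoint> getInsertionPoints(IHttpRequestResponse base) {
        byte[] request = base.getRequest();
        List<int[]> ranges = valueRanges(request);
        if (ranges == null) return null;   // not our format: let Burp use its own points only
        List<IScannerInsertionPoint> points = new ArrayList<>();
        for (int[] r : ranges) points.add(new RpcValuePoint(request, r[0], r[1]));
        return points;
    }

    @Override
    public List<JMenuItem> createMenuItems(IContextMenuInvocation invocation) {
        IHttpRequestResponse[] selected = invocation.getSelectedMessages();
        if (selected == null || selected.length != 1 || valueRanges(selected[0].getRequest()) == null) return null;
        JMenuItem item = new JMenuItem("Send to Intruder with example-RPC positions");
        item.addActionListener(e -> sendToIntruder(selected[0]));
        List<JMenuItem> items = new ArrayList<>();
        items.add(item);
        return items;
    }

    // Intruder wants absolute [start, end) offsets into the whole request, not body-relative ones
    private void sendToIntruder(IHttpRequestResponse msg) {
        byte[] request = msg.getRequest();
        int bodyOffset = helpers.analyzeRequest(request).getBodyOffset();
        List<int[]> positions = new ArrayList<>();
        for (int[] r : valueRanges(request)) positions.add(new int[]{bodyOffset + r[0], bodyOffset + r[0] + r[1]});
        IHttpService s = msg.getHttpService();
        callbacks.sendToIntruder(s.getHost(), s.getPort(), "https".equals(s.getProtocol()), request, positions);
    }

    // Insertion point over one value; buildRequest() splices the payload in and buildHttpMessage()
    // rewrites Content-Length, which matters as soon as the payload length differs from the original
    private class RpcValuePoint implements IScannerInsertionPoint {
        private final byte[] request; private final List<String> headers;
        private final int bodyOffset, valueStart, valueLen;
        RpcValuePoint(byte[] request, int valueStart, int valueLen) {
            IRequestInfo info = helpers.analyzeRequest(request);
            this.request = request; this.headers = info.getHeaders(); this.bodyOffset = info.getBodyOffset();
            this.valueStart = valueStart; this.valueLen = valueLen;
        }
        public String getInsertionPointName() { return "example-rpc value @" + valueStart; }
        public String getBaseValue() {
            return helpers.bytesToString(Arrays.copyOfRange(request, bodyOffset + valueStart, bodyOffset + valueStart + valueLen));
        }
        public byte[] buildRequest(byte[] payload) {
            byte[] body = Arrays.copyOfRange(request, bodyOffset, request.length);
            byte[] newBody = new byte[body.length - valueLen + payload.length];
            System.arraycopy(body, 0, newBody, 0, valueStart);
            System.arraycopy(payload, 0, newBody, valueStart, payload.length);
            System.arraycopy(body, valueStart + valueLen, newBody, valueStart + payload.length, body.length - valueStart - valueLen);
            return helpers.buildHttpMessage(headers, newBody);
        }
        public int[] getPayloadOffsets(byte[] payload) {
            byte[] built = buildRequest(payload);
            int newBodyLen = request.length - bodyOffset - valueLen + payload.length;
            int start = built.length - newBodyLen + valueStart;   // body sits at the end of the built request
            return new int[]{start, start + payload.length};
        }
        public byte getInsertionPointType() { return INS_EXTENSION_PROVIDED; }
    }
}
```

getPayloadOffsets() must agree exactly with buildRequest(), because Scanner uses those offsets to highlight the payload in reported issues; computing them from the rebuilt message, as above, keeps the two in step even when buildHttpMessage() changes the header block length.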
  33. Modifying Requests: Modifying Requests • Add custom headers • Add signatures • CSRF tokens
  34. Modifying Requests: Modifying Requests • Implement IHttpListener: processHttpMessage() • Register as an HTTP listener
  35. Modifying a Request: BurpExtender.processHttpMessage()
  36. Modifying a Request: BurpExtender.signRequest()
  37. Utilities: Debugging • callbacks.printOutput(String) • callbacks.printError(String)
  38. Utilities
  39. Utilities: Debugging, Stack Traces • Exception.printStackTrace() • Get the error OutputStream (callbacks.getStderr()) • Print a stack trace to the stream
  40. Utilities
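Slides 33 through 36 cover request modification through IHttpListener and slides 37 through 40 cover routing output and stack traces to the Extender tab; one listener can illustrate both. The following is an added example written for this page, not the author's signRequest() implementation: it HMAC-signs every in-scope request using a hypothetical scheme (the header names X-Timestamp and X-Signature, the shared key and the canonical string are all assumptions standing in for whatever a real target expects) and prints any failure's stack trace to callbacks.getStderr(). The Burp calls (registerHttpListener, isInScope, analyzeRequest, buildHttpMessage, setRequest, printOutput, getStderr) are the legacy Extender API; the HMAC comes from the JDK's javax.crypto.

```java
package burp;

import java.io.PrintWriter;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added example, not the talk's code. Signs outgoing in-scope requests with a hypothetical
// HMAC-SHA256 scheme and sends errors to the Extender tab's error stream.
public class BurpExtender implements IBurpExtender, IHttpListener {
    private static final byte[] KEY = "example-shared-secret".getBytes(StandardCharsets.UTF_8);   // assumed
    private IBurpExtenderCallbacks callbacks;
    private IExtensionHelpers helpers;

    @Override
    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
        this.callbacks = callbacks;
        this.helpers = callbacks.getHelpers();
        callbacks.setExtensionName("Request signer (example)");
        callbacks.registerHttpListener(this);   // called for every tool's requests and responses
    }

    @Override
    public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) {
        if (!messageIsRequest) return;   // responses pass through untouched
        try {
            IRequestInfo info = helpers.analyzeRequest(messageInfo);
            if (!callbacks.isInScope(info.getUrl())) return;   // never sign traffic to third parties
            messageInfo.setRequest(signRequest(messageInfo.getRequest(), info));
            callbacks.printOutput("signed " + info.getMethod() + " " + info.getUrl().getPath() + " (tool flag " + toolFlag + ")");
        } catch (Exception e) {
            // Exception.printStackTrace() alone goes to the JVM's stderr, not the Extender tab;
            // wrapping callbacks.getStderr() puts the trace next to the extension's other errors
            e.printStackTrace(new PrintWriter(callbacks.getStderr(), true));
        }
    }

    // Canonical string = METHOD \n PATH?QUERY \n TIMESTAMP \n BODY; signature = hex(HMAC-SHA256(key, canonical))
    byte[] signRequest(byte[] request, IRequestInfo info) throws Exception {
        byte[] body = Arrays.copyOfRange(request, info.getBodyOffset(), request.length);
        String timestamp = String.valueOf(System.currentTimeMillis() / 1000);
        String canonical = info.getMethod() + "\n" + info.getUrl().getFile() + "\n" + timestamp + "\n" + helpers.bytesToString(body);
        List<String> headers = new ArrayList<>(info.getHeaders());
        // drop stale copies first (a request replayed from Repeater already carries the old pair)
        headers.removeIf(h -> h.regionMatches(true, 0, "X-Signature:", 0, 12) || h.regionMatches(true, 0, "X-Timestamp:", 0, 12));
        headers.add("X-Timestamp: " + timestamp);
        headers.add("X-Signature: " + hmacHex(canonical));
        return helpers.buildHttpMessage(headers, body);   // recomputes Content-Length for us
    }

    static String hmacHex(String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        StringBuilder hex = new StringBuilder();
        for (byte b : mac.doFinal(data.getBytes(StandardCharsets.UTF_8))) hex.append(String.format("%02x", b));
        return hex.toString();
    }
}
```

Because Scanner and Intruder rewrite the request after the listener has seen it only when the listener runs first, re-signing in processHttpMessage() is what keeps their attack requests valid; if only manually driven traffic should be signed, compare toolFlag against IBurpExtenderCallbacks.TOOL_PROXY or TOOL_REPEATER before signing.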
  41. Summary • Setup • Passive scanning • Active scanning • Handling custom request types • Utilities
  42. Resources: Extension Downloads • Download extensions at www.codemagi.com/downloads • Source code on Google Code
  43. Build Extensions! Customize YOUR Hacking! Profit!
