A plugin that allows you execute python and get return to BurpSuite.
During Android APP pentesting, I found it very often that the traffic is encrypted and/or signed, it would be great to have a plugin so we can write python to enc/dec/sign.
And, sometimes, you may just want some customized function to modify part of the traffic, all you need is just write a python script and directly call it from within burpsuite.
If you wanna take advantage of the intruder with payloads need to be encrypted, you need to Enable Processor, and write your own payload processor function.
m0nst3r(Song Xinlei) @ CFCA
- @Center-Sun
- @ViCrack
- to python3, from version
1.3 -
dynamicfunction transform - resize and context menu support for popups (@ViCrack)
- Syntax highlight for popups
- word wrap for popups
- change to use class instead of pure function, so that we can init webdriver+selenium when loading without init it per call
- modified plugin to enable 4 function calls: main/enc/dec/sign
- add payload processor
- add auto enc/dec. encrypt function automatically called when you click GO in burp, and decrypt function automatically called when receive response
- changed default pyro4 port, avoiding brida conflicts
- migration to python3
- dynamic context menu items extracted from your python script
- add
first_linevariable toheaderdict
NOTE: MAKE SURE YOU HAVE ALL DEPENDENCIES INSTALLED, INCLUDING THE DEPENDENCIES NEEDED FOR YOUR PYTHON SCRIPT
- install PyRO, version 4 is used.
- configure python and pyro settings
- configure the python file you wanna run
- click "Start server", burpy will read your python script file and get all functions to generate the context menu
- use context memu item to invoke your script's regarding function
- write own payload processor, especially usefull with enc/dec
Install editor plugin example: mvn install:install-file -DgroupId=com.fifesoft -DartifactId=rsyntaxtextarea -Dversion=2.6.1.edited -Dpackaging=jar -Dfile=/home/m0nst3r/study/java/rsyntaxtextarea-2.6.1.edited.jar
Just write your own logic to modify the header/body as your need, and return the header/body, just that simple!
All functions will be extracted to generate context menu, except thos with _, __prefix!
Note: header["first_line"] ==>
GET /XXX/yyy.php?param1=hello HTTP/1.1.
class Burpy:
'''
header is dict
body is string
'''
def __init__(self):
'''
here goes some code that will be kept since "start server" clicked, for example, webdriver, which usually takes long time to init
'''
pass
def main(self, header, body):
return header, body
def _test(self, param):
'''
function with `_`, `__`as starting letter will be ignored for context menu
'''
# param = magic(param)
return param
def encrypt(self, header, body):
'''
Auto Enc/Dec feature require this function
'''
header["Cookie"] = "admin=1"
return header, body
def decrypt(self, header, body):
'''
Auto Enc/Dec feature require this function
'''
# header = magic(header)
# body = magic(body)
return header, body
def processor(self, payload):
'''
Enable Processor feature require this function
payload processor function
'''
return payload+"123"check the examples for scripts NOTE: MAKE SURE YOU HAVE ALL DEPENDENCIES INSTALLED, INCLUDING THE DEPENDENCIES NEEDED FOR YOUR PYTHON SCRIPT
- install PyRO, version 4 is used.
- configure python and pyro settings
- configure the python file you wanna run
- use
spawnto test the result - use
Burpy Main/Burpy Enc/Burpy Dec/Burpy Signcontext memu to invoke your script - write own payload processor, especially usefull with enc/dec
Install editor plugin example: mvn install:install-file -DgroupId=com.fifesoft -DartifactId=rsyntaxtextarea -Dversion=2.6.1.edited -Dpackaging=jar -Dfile=/home/m0nst3r/study/java/rsyntaxtextarea-2.6.1.edited.jar
Just write your own logic to modify the header/body as your need, and return the header/body, just that simple!
Note: if you need to handle response data, e.g decrypt response, you may want to write if-else, because in some cases, the response is different with the request. For example, the request is encrypted=XXXXXX, but the response is XXXXXX, without encrypted.
class Burpy:
'''
header is dict
body is string
'''
def __init__(self):
'''
here goes some code that will be kept since "start server" clicked, for example, webdriver, which usually takes long time to init
'''
pass
def main(self, header, body):
return header, body
def encrypt(self, header, body):
header["Cookie"] = "admin=1"
return header, body
def decrypt(self, header, body):
'''
You may want to add logic if the response differ from the request, for example in the request, the encrypted data is followed after "data=", but in the response, the whole response body is encrypted data, without "data="
'''
# header = magic(header)
# body = magic(body)
return header, body
def sign(self, header, body):
header.update({"Sign":"123123123"})
return header, body
def processor(self, payload):
'''
payload processor function
'''
return payload+"123"the great Brida
- Good ideas and contributions are welcomed.