Written by Anthony Marquez (@BoogeyMarquez)
Tweaked by mazrog to include
- deciphering of requests that are not gzipped
- huge requests handling [WIP]
A couple of burp extensions that I created during a couple of security assessments, and I figure I would share them with others to save some pain.
- Clone repo
- Compile the NBFS.cs with
csc.exeand copy the NBFS.exe to the same directory as your Burp JAR executable - Download Jython standalone JAR if you do not already have it (created using Jython 2.7) - http://www.jython.org/
- Open Burp and click the Extender tab.
- In
Options, select the python environnement as the jython standalone. - In the
Extensions, clickAdd, select 'python' asExtension typeand choose theWcfGzipBurpPlugin.pyfile. - Finish the loading and you're done!
Within this repo are 2 files (not including this README):
This plugin is used to decompress and decode WCF traffic if it is binary encoded and compressed using 'gzip'. Burp's builtin 'gzip' decompressing functionality was not correctly identifying the compressed traffic sent by the application I was testing. Each request in any of the Burp tools will have an additional tab that decodes the request and will re-encode on edit.
Here is the file used to create a binary to decode and encode WCF binary format. I owe credit for the creation of this file to Brian Holyfield's Burp plugin located here: https://github.com/GDSSecurity/WCF-Binary-SOAP-Plug-In
As stated above, this must be in the same directory as the Burp JAR executable.