/protobuf-magic

Primary LanguageJavaGNU General Public License v3.0GPL-3.0

Protobuf Magic ๐Ÿช„

Protobuf Magic is an advanced extension for Burp Suite designed to intuitively handle Protobuf (Protocol Buffers) messages, even in the absence of complete .proto definitions. If you're familiar with tools like InQL, imagine that capability fine-tuned exclusively for Protobuf data.

๐ŸŒŸ Features

  • Protobuf Analysis: Seamlessly interpret incoming Protobuf messages within Burp Suite's Proxy, Repeater, or Intruder, converting them into a format you can easily comprehend, all without needing the original .proto files.
  • Message Modification: Freely adjust the Protobuf message contents. Test a variety of scenarios and edge cases without the hassle of meddling with .proto files.
  • Message Dispatch: Dispatch altered Protobuf messages straight from Burp Suite towards your desired targetโ€”a vital toolset for assessing Protobuf-integrated APIs and software.
  • JSON to Protobuf Serialization: Furnish a JSON payload within Intruder, and let the extension convert it to Protobuf right before dispatching the request.

๐Ÿ”ง Installation

  1. Grab the freshest release right here.
  2. Journey to the "Extender" segment in Burp Suite. Hit "Add" inside the "Extensions" panel.
  3. Opt for the JAR file you've just downloaded and proceed with "Next."
  4. Voilร ! Protobuf Magic integrates seamlessly into your Burp Suite, ready for action.

๐Ÿš€ Usage

  1. Post-installation, commence traffic interception that encompasses Protobuf messages via Proxy, Repeater, or Intruder.
  2. Protobuf Magic springs into action, identifying and breaking down Protobuf messages within request and response data.
  3. Within Proxy and Repeater, edit the Protobuf message content before relaying it server-wards.
  4. "Send to Intruder" pushes your Protobuf message towards Intruder, primed for thorough testing or fuzzing.
  5. For JSON to Protobuf in Intruder: Transfer your chosen JSON content into the body request portion of Intruder. The extension ensures JSON is molded into Protobuf before transmission.

send_image psend_image

๐Ÿ“น Visual Learners, Rejoice! Dive into our Video Guide: Vimeo Guide

โš ๏ธ Limitations

  • Despite its prowess, Protobuf Magic might occasionally stumble upon intricate Protobuf constructs if the core .proto definitions are out of reach. Consequently, certain nested or bespoke types might not render flawlessly.
  • Tweaking Protobuf messages sans a precise message blueprint could culminate in distorted or erroneous server-bound dispatches.

๐Ÿ“œ License

Protobuf Magic graces the open-source community under the umbrella of the GNU License. Dive deeper into our LICENSE for an in-depth look.