A plugin that allows you execute python and get return to BurpSuite.
During Android APP pentesting, I found it very often that the traffic is encrypted and/or signed, it would be great to have a plugin so we can write python to enc/dec/sign.
And, sometimes, you may just want some customized function to modify part of the traffic, all you need is just write a python script and directly call it from within burpsuite.
If you wanna take advantage of the intruder with payloads need to be encrypted, you need to Enable Processor
, and write your own payload processor function.
m0nst3r(Song Xinlei) @ CFCA
- @Center-Sun
- @ViCrack
- add tab's in request and response, so we don't have to click our mouse that often (allow specify which method to call for response/request tab)
- to python3, from version
1.3
-
dynamic
function transform - resize and context menu support for popups (@ViCrack)
- Syntax highlight for popups
- word wrap for popups
- python venv support
- change to use class instead of pure function, so that we can init webdriver+selenium when loading without init it per call
- modified plugin to enable 4 function calls: main/enc/dec/sign
- add payload processor
- add auto enc/dec. encrypt function automatically called when you click GO in burp, and decrypt function automatically called when receive response
- changed default pyro4 port, avoiding brida conflicts
- migration to python3
- dynamic context menu items extracted from your python script
- add
first_line
variable toheader
dict - remove py editor, because it seems quite useless, and may lead to file mis-overwritten.
- upgrade pyro4 to pyro5, due to a bug#80 of pyrolite
- add message tab to call
encrypt/decrypt
automatically
NOTE: MAKE SURE YOU HAVE ALL DEPENDENCIES INSTALLED, INCLUDING THE DEPENDENCIES NEEDED FOR YOUR PYTHON SCRIPT
install PyRO, version 4 is used.- install Pyro, version 5 is used:
pip install pyro5
- configure python and pyro settings: DON'T USE
LOCALHOST
, use127.0.0.1
instead - configure the python file you wanna run
- click "Start server", burpy will read your python script file and get all functions to generate the context menu
- use context memu item to invoke your script's regarding function
- write own payload processor, especially usefull with enc/dec
Install editor plugin example: mvn install:install-file -DgroupId=com.fifesoft -DartifactId=rsyntaxtextarea -Dversion=2.6.1.edited -Dpackaging=jar -Dfile=/home/m0nst3r/study/java/rsyntaxtextarea-2.6.1.edited.jarnot necessary after version 2.4.4, as py editor was removed.
Just write your own logic to modify the header/body as your need, and return the header/body, just that simple!
All functions will be extracted to generate context menu, except thos with _
, __
prefix!
Note: header["first_line"] ==>
GET /XXX/yyy.php?param1=hello HTTP/1.1
.
class Burpy:
'''
header is dict
body is string
'''
def __init__(self):
'''
here goes some code that will be kept since "start server" clicked, for example, webdriver, which usually takes long time to init
'''
pass
def main(self, header, body):
return header, body
def _test(self, param):
'''
function with `_`, `__`as starting letter will be ignored for context menu
'''
# param = magic(param)
return param
def encrypt(self, header, body):
'''
Auto Enc/Dec feature require this function
'''
header["Cookie"] = "admin=1"
return header, body
def decrypt(self, header, body):
'''
Auto Enc/Dec feature require this function
'''
# header = magic(header)
# body = magic(body)
return header, body
def processor(self, payload):
'''
Enable Processor feature require this function
payload processor function
'''
return payload+"123"
check the examples for scripts NOTE: MAKE SURE YOU HAVE ALL DEPENDENCIES INSTALLED, INCLUDING THE DEPENDENCIES NEEDED FOR YOUR PYTHON SCRIPT
- install PyRO, version 4 is used.
- configure python and pyro settings
- configure the python file you wanna run
- use
spawn
to test the result - use
Burpy Main
/Burpy Enc
/Burpy Dec
/Burpy Sign
context memu to invoke your script - write own payload processor, especially usefull with enc/dec
Install editor plugin example: mvn install:install-file -DgroupId=com.fifesoft -DartifactId=rsyntaxtextarea -Dversion=2.6.1.edited -Dpackaging=jar -Dfile=/home/m0nst3r/study/java/rsyntaxtextarea-2.6.1.edited.jar
Just write your own logic to modify the header/body as your need, and return the header/body, just that simple!
Note: if you need to handle response data, e.g decrypt response, you may want to write if-else, because in some cases, the response is different with the request. For example, the request is encrypted=XXXXXX
, but the response is XXXXXX
, without encrypted
.
class Burpy:
'''
header is dict
body is string
'''
def __init__(self):
'''
here goes some code that will be kept since "start server" clicked, for example, webdriver, which usually takes long time to init
'''
pass
def main(self, header, body):
return header, body
def encrypt(self, header, body):
header["Cookie"] = "admin=1"
return header, body
def decrypt(self, header, body):
'''
You may want to add logic if the response differ from the request, for example in the request, the encrypted data is followed after "data=", but in the response, the whole response body is encrypted data, without "data="
'''
# header = magic(header)
# body = magic(body)
return header, body
def sign(self, header, body):
header.update({"Sign":"123123123"})
return header, body
def processor(self, payload):
'''
payload processor function
'''
return payload+"123"
the great Brida
- Good ideas and contributions are welcomed.