Burp Extender API for Penetration Testing

Version: [--VX.X--]
Date: [--YYYY-MM-DD--]
Author: [--Author--]
Responsible: [--Responsible--]
Confidentiality Class: [--Confidentiality Class--]
Version: 1.0
Date: 2018-02-09
Author: P. Morimoto
Responsible: P. Morimoto
Confidentiality Class: Public
Burp Extender API for Pentest

All rights reserved
All rights reserved
All rights reserved
3
Web Pentest Tools
• WVS
• Acunetix
• …
• OWASP ZAP
• Fiddler
• BurpSuite

All rights reserved
All rights reserved
All rights reserved
4
BurpSuite

All rights reserved
All rights reserved
All rights reserved
5
How web browser works? (1/1)
https://www.quackit.com/web_servers/tutorial/how_web_servers_work.cfm

All rights reserved
All rights reserved
All rights reserved
6
How web browser works? (1/2)

All rights reserved
All rights reserved
All rights reserved
7
How Burp works?
http://kalilinuxtutorials.com/burpsuite/

All rights reserved
All rights reserved
All rights reserved
8
Install & Setup
https://portswigger.net/burp/communitydownload

All rights reserved
All rights reserved
All rights reserved
9
Install & Setup

All rights reserved
All rights reserved
All rights reserved
10
Burp Basic - Repeater

All rights reserved
All rights reserved
All rights reserved
11
Burp Basic - Intruder

All rights reserved
All rights reserved
All rights reserved
12
BurpSuite - Scanner (Professional Edition)

All rights reserved
All rights reserved
All rights reserved
13
BurpSuite - Extender

All rights reserved
All rights reserved
All rights reserved
14
BurpSuite - Extender - JSON Beautifier

All rights reserved
All rights reserved
All rights reserved
15
Develop BurpSuite extension
• Java
• Python (Jython)
• Ruby (JRuby)
Tutorial
https://portswigger.net/burp/extender/writing-your-first-burp-suite-extension
Sample extensions
https://portswigger.net/burp/extender#SampleExtensions

All rights reserved
All rights reserved
All rights reserved
16
Burp Extension with Jython
Extender > APIs

All rights reserved
All rights reserved
All rights reserved
17
Burp Extension with Jython
Extender > Options
Extender > Extension

All rights reserved
All rights reserved
All rights reserved
18
IBurpExtender
Implement
- registerExtenderCallbacks()

All rights reserved
All rights reserved
All rights reserved
19
IBurpExtender - registerExtenderCallbacks
ตั#งชื'อ
ส่งข้อความไปตาม
จุดต่าง ๆ ใน
Burp

All rights reserved
All rights reserved
All rights reserved
20
IHttpListener
IHttpListener implements
- processHttpMessage()

All rights reserved
All rights reserved
All rights reserved
21
IHttpListener
IHttpListener implements
- processHttpMessage()

All rights reserved
All rights reserved
All rights reserved
22
IExtensionHelpers

All rights reserved
All rights reserved
All rights reserved
23
IExtensionHelpers + IRequestInfo
IRequestInfo

All rights reserved
All rights reserved
All rights reserved
24
IExtensionHelpers + IRequestInfo
getUrl(); getHeaders(); getParameters(); getBodyOffset(); getContentType();

All rights reserved
All rights reserved
All rights reserved
25
IRequestInfo
getUrl(); getHeaders(); getParameters(); getBodyOffset(); getContentType();

All rights reserved
All rights reserved
All rights reserved
26
Demo 1 : Decode Base64 in Request
ntok=YWN0aW9uPWRlbGV0ZVVzZXImaWQ9MTAz

All rights reserved
All rights reserved
All rights reserved
27
Select > Send to Decoder
Select > Convert selection
> Base64 > Base64-decode

All rights reserved
All rights reserved
All rights reserved
28
https://github.com/PortSwigger/example-custom-editor-tab/blob/master/python/CustomEditorTab.py

All rights reserved
All rights reserved
All rights reserved
29
Old workflow
1. Intercept request, send to Repeater
2. Click, select and copy Base64 data
3. Go to Base64 Decoder tool or tabs
4. Decode it
5. Edit the data
6. Go to Base64 Encoder tool or tabs
7. Encode it
9. Go to Repeater tab
10.Click Go

All rights reserved
All rights reserved
All rights reserved
30
Old workflow
3. Go to Base64 Decoder tool or tabs
4. Decode it
5. Edit the data
6. Go to Base64 Encoder tool or tabs
7. Encode it
9. Go to Repeater tab
10.Click Go
New workflow
2. Click on a tab under Repeater
3. Edit the data
4. Click Go

All rights reserved
All rights reserved
All rights reserved
31
IMessageEditorTabFactory + IMessageEditorTab

All rights reserved
All rights reserved
All rights reserved
41
Example 3: Mobile App + Payload Encryption
{"key":"1234567890123456","text":"pCnmUF4RzY+nE3GHFP
VqTw4U0QQyqTiaJbXp7E7m/+k="}
Mobile
App
BackEnd
Web API

All rights reserved
All rights reserved
All rights reserved
For any further questions contact
your SEC Consult Expert.
Pichaya Morimoto
p.morimoto@sec-consult.com
SEC Consult (Thailand) Co., Ltd.
29/1 Piyaplace Langsuan Building, 16B
Soi Langsuan, Lumpini, Pathumwan
Bangkok 10330, Thailand
www.sec-consult.com

All rights reserved
All rights reserved
All rights reserved
45
Contact
GERMANY
SEC Consult Unternehmensberatung Deutschland GmbH
Bockenheimer Landstraße 17-19
60325 Frankfurt / Main
Tel +49 69 175 373 43 | Fax +49 69 175 373 44
Email office-frankfurt@sec-consult.com
AUSTRIA
SEC Consult Unternehmensberatung GmbH
Mooslackengasse 17
1190 Vienna
Tel +43 1 890 30 43 0 | Fax +43 1 890 30 43 15
Email office@sec-consult.com
LITHUANIA
UAB Critical Security, a SEC Consult company
Sauletekio al. 15-311
10224 Vilnius
Tel +370 5 2195535
Email office-vilnius@sec-consult.com
RUSSIA
CJCS Security Monitor
5th Donskoy proyezd, 15, Bldg. 6
119334, Moscow
Tel +7 495 662 1414
Email info@securitymonitor.ru
SINGAPORE
SEC Consult Singapore PTE. LTD
4 Battery Road
#25-01 Bank of China Building
Singapore (049908)
Email office-singapore@sec-consult.com
CANADA
i-SEC Consult Inc.
100 René-Lévesque West, Suite 2500
Montréal (Quebec) H3B 5C9
Email office-montreal@sec-consult.com
AUSTRIA
SEC Consult Unternehmensberatung GmbH
Komarigasse 14/1
2700 Wiener Neustadt
Tel +43 1 890 30 43 0
Email office@sec-consult.com
THAILAND
SEC Consult (Thailand) Co., Ltd.
29/1 Piyaplace Langsuan Building 16th Floor, 16B
Soi Langsuan, Ploen Chit Road
Lumpini, Patumwan | Bangkok 10330
Tel +66 02 041 1146
Email office-bangkok@sec-consult.com
www.sec-consult.com

Burp Extender API for Penetration Testing

More Related Content

What's hot (20)

Similar to Burp Extender API for Penetration Testing (20)

More from Pichaya Morimoto (12)

Recently uploaded (20)

Burp Extender API for Penetration Testing