Book: Black Hat Python: Python Programming for Hackers and Pentesters

) to get started.

I have to admit that when I first started exploring the Burp Extender API, it took me a few attempts to understand how it worked. I found it a bit confusing, as I’m a pure Python guy and have limited Java development experience. But I found a number of extensions on the Burp website that let me see how other folks had developed extensions, and I used that prior art to help me understand how to begin implementing my own code. I’m going to cover some basics on extending functionality, but I’ll also show you how to use the API documentation as a guide for developing your own extensions.

and get it ready to go. As sad as it makes me to admit this, you will require a modern Java installation, for which all operating systems have either packages or installers. The next step is to grab the Jython (a Python implementation written in Java) standalone JAR file; we’ll point Burp to this. You can find this JAR file on the No Starch site along with the rest of the book’s code () or visit the official site, , and select the Jython 2.7 Standalone Installer. Don’t let the name fool you; it’s just a JAR file. Save the JAR file to an easy-to-remember location, such as your Desktop.

Next, open up a command-line terminal, and run Burp like so:

Now let’s point Burp at our Jython interpreter. Click the Extender tab, and then click the Options tab. In the Python Environment section, select the location of your Jython JAR file, as shown in .

You can leave the rest of the options alone, and we should be ready to start coding our first extension. Let’s get rocking!

. Simply browse to:

shows how I can see this request in the HTTP history tab of the Proxy tab, and I have right-clicked the request to send it to Intruder.

, which shows how payload highlighting works.

Now click the Payloads tab. In this screen, click the Payload type drop-down and select Extension-generated. In the Payload Options section, click the Select generator... button and choose BHP Payload Generator from the drop-down. Your Payload screen should now look like .

] to submit these queries programmatically and then parse the results ourselves. We won’t implement any fancy Burp GUI additions (other than a context menu) with this extension; we simply output the results into Burp each time we run a query, and any detected URLs will be added to Burp’s target scope automatically. Because I already walked you through how to read the Burp API documentation and translate it into Python, we’re going to get right to the code.

Crack open bhp_bing.py and hammer out the following code:

, and then right-click the GET request you just issued. If the extension is loaded properly, you should see the menu option Send to Bing displayed as shown in .

. The target scope limits activities such as attacks, spidering, and scans to only those hosts defined.

Right-click the site in the Site Map pane and select Spider this host, as shown in .

You can now feed this list back into Burp Intruder to perform the actual password-guessing attack.

] Visit to get set up with your own free Bing API key.
