Skip to content

Instantly share code, notes, and snippets.

@nvssks
nvssks / burp-global-regex-replace.py
Created July 12, 2019 11:18
This burp plugin will replace the "lookfor_regex" with the string in "replace_with" it intercepts all messages except the ones in __IGNORE_FLAG__
from burp import IBurpExtender
from burp import IHttpListener
from burp import ISessionHandlingAction
#Global replace: This will replace the "lookfor_regex" with the string in "replace_with"
#Intercepts all messages except __IGNORE_FLAG__ (typically Proxy) TODO: Fix Flag checks
'''
TOOL_COMPARER: Flag used to identify the Burp Comparer tool.
TOOL_DECODER: Flag used to identify the Burp Decoder tool.
TOOL_EXTENDER: Flag used to identify the Burp Extender tool.
TOOL_INTRUDER: Flag used to identify the Burp Intruder tool.
@nvssks
nvssks / burp-csrf-sync-header.py
Created July 12, 2019 11:22
This Burp plugin will sync the X-XSRF-TOKEN with the value in the XSRF-TOKEN cookie
from burp import IBurpExtender
from burp import ISessionHandlingAction
from burp import IBurpExtenderCallbacks
class BurpExtender(IBurpExtender, ISessionHandlingAction):
def registerExtenderCallbacks(self, callbacks):
self._callbacks = callbacks
self._helpers = self._callbacks.getHelpers()
self._callbacks.setExtensionName('CSRF Syncro Header')
self._callbacks.registerSessionHandlingAction(self)
@nvssks
nvssks / burp-multistep-request.py
Last active July 12, 2019 13:09
Burp plugin (Handling Action) for multi-step requests from within the plugin when Macros are not enough
# XXX: Example / Untested code snippet
from burp import IBurpExtender
from burp import ISessionHandlingAction
from burp import ICookie
import re
__DEBUG__ = True
class Cookie(ICookie):
@nvssks
nvssks / burp-track-token.py
Created July 12, 2019 12:39
This burp plugin tracks a token from the user browsing session (eg. Authorisation header) and creates a handling action that would update the header token. Meant to be used in other tools
from burp import IBurpExtender
from burp import IHttpListener
from burp import ISessionHandlingAction
from burp import IBurpExtender
from burp import ISessionHandlingAction
from burp import IBurpExtenderCallbacks
__DEBUG__ = False
@nvssks
nvssks / burp-jython-aes-encrypt.py
Created July 12, 2019 12:52
Burp plugin snippet to AES encrypt using Java native or run external
from burp import IBurpExtender
import random
import string
#Java Imports
from javax.crypto import Cipher
from javax.crypto.spec import SecretKeySpec
#Imports for run external
import subprocess
@nvssks
nvssks / burp-csrf-sync-body.py
Created July 12, 2019 14:01
This Burp plugin (Handling Action) will sync the _csrf body parameter with the value in the CSRF-TOKEN cookie
from burp import IBurpExtender
from burp import ISessionHandlingAction
from burp import IBurpExtenderCallbacks
class BurpExtender(IBurpExtender, ISessionHandlingAction):
def registerExtenderCallbacks(self, callbacks):
self._callbacks = callbacks
self._helpers = self._callbacks.getHelpers()
self._callbacks.setExtensionName('CSRF Body Syncro')
self._callbacks.registerSessionHandlingAction(self)
@nvssks
nvssks / burp-uuid-intruder-generator.py
Created July 12, 2019 14:03
Burp plugin UUID Intruder generator
from burp import IBurpExtender
from burp import IIntruderPayloadGeneratorFactory
from burp import IIntruderPayloadProcessor
from burp import IIntruderPayloadGenerator
import uuid
class BurpExtender(IBurpExtender, IIntruderPayloadGeneratorFactory, IIntruderPayloadProcessor):
def registerExtenderCallbacks(self, callbacks):
# obtain an extension helpers object
self._helpers = callbacks.getHelpers()
@nvssks
nvssks / topt-generator.js
Last active July 9, 2021 11:42
topt-generator using crypto-js library (for use in postman)
/*
Code borrowed from the following library and modified to work with crypto-js (for use in postman):
https://github.com/bellstrand/totp-generator/blob/master/LICENSE
Install requirements:
npm i crypto-js
Run:
node otp_script.js {{GOOGLE AUTH KEY}}
*/