Paul Johnston pajswigger
pajswigger
/ delete-cookies.kt
Created
April 18, 2019 10:40
Burp extension to delete all cookies in jar
pajswigger
/ BurpExtender.java
Created
February 8, 2019 10:59
Sample Burp Extension code to extract response markers
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package burp; | |
| import java.util.List; | |
| public class BurpExtender implements IBurpExtender | |
| { | |
| @Override | |
| public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) | |
| { |
pajswigger
/ burp-summary-report.xsl
Created
October 10, 2018 08:58
XSLT file to generate a summary HTML report from a Burp XML report
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> | |
| <xsl:output method="html" indent="no"/> | |
| <xsl:key name="issue-by-type" match="issue" use="type" /> | |
| <xsl:template match="/issues"> | |
| <html> | |
| <head> | |
| <title>Burp Scanner Report</title> |
pajswigger
/ UpdateParameter.java
Created
September 20, 2018 09:47
Function to help a Burp extension update a parameter
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| static byte[] updateParameter(IExtensionHelpers helpers, IRequestInfo requestInfo, byte[] request, IParameter parameter, String value) { | |
| ByteArrayOutputStream baos = new ByteArrayOutputStream(); | |
| int bodyOffset = requestInfo.getBodyOffset(); | |
| baos.write(request, bodyOffset, parameter.getValueStart() - bodyOffset); | |
| baos.write(value.getBytes(Charsets.ISO_8859_1), 0, value.length()); | |
| baos.write(request, parameter.getValueEnd(), request.length - parameter.getValueEnd()); | |
| byte[] newBody = baos.toByteArray(); | |
| List<String> headers = requestInfo.getHeaders(); | |
| for(int i = 0; i < headers.size(); i++) { |
pajswigger
/ crlf-fixup.py
Created
July 3, 2018 13:30
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from burp import IBurpExtender, IHttpListener | |
| class BurpExtender(IBurpExtender, IHttpListener): | |
| def registerExtenderCallbacks(self, callbacks): | |
| self.callbacks = callbacks | |
| callbacks.registerHttpListener(self) | |
| def processHttpMessage(self, toolFlag, messageIsRequest, message): | |
| helpers = self.callbacks.getHelpers() |
pajswigger
/ burp-report.xsl
Created
July 2, 2018 13:34
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> | |
| <xsl:output method="html" indent="no"/> | |
| <xsl:key name="issue-by-type" match="issue" use="type" /> | |
| <xsl:template match="/issues"> | |
| <html> | |
| <head> | |
| <title>Burp Scanner Report</title> |
pajswigger
/ license-burp.py
Created
April 30, 2018 12:36
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys, pexpect.popen_spawn, signal | |
| if len(sys.argv) != 3: | |
| print('Usage: license-burp [yes/no] [license-file]') | |
| sys.exit(1) | |
| if sys.argv[1] != 'yes': | |
| print('You must accept the license to use Burp') | |
| sys.exit(1) |
pajswigger
/ getBurpFrame.java
Created
April 24, 2018 11:26
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| static JFrame getBurpFrame() | |
| { | |
| for(Frame f : Frame.getFrames()) | |
| { | |
| if(f.isVisible() && f.getTitle().startsWith(("Burp Suite"))) | |
| { | |
| return (JFrame) f; | |
| } | |
| } | |
| return null; |
pajswigger
/ add-cvss-to-report.py
Created
April 19, 2018 10:35
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| out = [] | |
| in_summary = False | |
| with open(sys.argv[1]) as input: | |
| for line in input: | |
| if line.startswith('<table cellpadding="0" cellspacing="0" class="summary_table">'): | |
| in_summary = True | |
| if in_summary: | |
| line = line.replace('rowspan="4"', 'rowspan="6"') |
pajswigger
/ intruder-pause.py
Created
April 19, 2018 09:50
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from burp import IBurpExtender, IHttpListener | |
| import threading, time | |
| class BurpExtender(IBurpExtender, IHttpListener): | |
| count = 0 | |
| lock = threading.Lock() | |
| def registerExtenderCallbacks(self, callbacks): | |
| self.callbacks = callbacks |
NewerOlder