Skip to content

Instantly share code, notes, and snippets.

View pajswigger's full-sized avatar

Paul Johnston pajswigger

142 followers · 0 following
View GitHub Profile
@pajswigger
pajswigger / nested-decoder.kt
Created January 16, 2018 17:27
package burp;
import java.awt.Component
import java.util.*
class MessageEditorTab : IMessageEditorTab {
var messageEditor = BurpExtender.cb.createMessageEditor(null, true)
override fun getMessage(): ByteArray {
return messageEditor.message
@pajswigger
pajswigger / highlight.java
Created January 23, 2018 08:07
Highlight a Burp Tab
JTabbedPane tabbedPane;
ChangeListener changeListener;
// add to constructor
addHierarchyListener(this);
void highlightTab()
{
if(tabbedPane != null)
{
@pajswigger
pajswigger / remove-jar-compression.sh
Created January 29, 2018 11:34
#!/bin/bash
orig=$PWD
file=`basename $1`
mkdir -p "/tmp/$file"
cd "/tmp/$file"
jar -xf "$orig/$1"
find . -name \*.jar | while read JAR; do
jar -u0f "$orig/$1" $JAR
done
@pajswigger
pajswigger / redirect-follower.py
Created February 8, 2018 09:58
# For use with Python Scripter extension
from java.net import URL
if not messageIsRequest:
request_info = helpers.analyzeRequest(messageInfo.getHttpService(), messageInfo.getRequest())
if request_info.getUrl().toString() == 'http://blah/':
response_info = helpers.analyzeResponse(messageInfo.getResponse())
for header in response_info.getHeaders():
if header.startswith('Location: '):
url = URL(header[len('Location: '):])
req = helpers.buildHttpRequest(url)
@pajswigger
pajswigger / BuildUnencodedRequest.java
Last active June 14, 2018 10:12
package burp;
import java.util.Random;
public class BuildUnencodedRequest
{
private Random random = new Random();
private IExtensionHelpers helpers;
BuildUnencodedRequest(IExtensionHelpers helpers)
@pajswigger
pajswigger / jython-code-completion.md
Last active November 8, 2019 04:18

Code completion for Burp Jython extensions

The IntelliJ Python plugin supports code completion and this can recognize the Burp API. First, make sure your project has the SDK set to Jython:

image

Then, add the Burp API as a library:

image

@pajswigger
pajswigger / intruder-pause.py
Created April 19, 2018 09:50
from burp import IBurpExtender, IHttpListener
import threading, time
class BurpExtender(IBurpExtender, IHttpListener):
count = 0
lock = threading.Lock()
def registerExtenderCallbacks(self, callbacks):
self.callbacks = callbacks
@pajswigger
pajswigger / add-cvss-to-report.py
Created April 19, 2018 10:35
import sys
out = []
in_summary = False
with open(sys.argv[1]) as input:
for line in input:
if line.startswith('<table cellpadding="0" cellspacing="0" class="summary_table">'):
in_summary = True
if in_summary:
line = line.replace('rowspan="4"', 'rowspan="6"')
@pajswigger
pajswigger / getBurpFrame.java
Created April 24, 2018 11:26
static JFrame getBurpFrame()
{
for(Frame f : Frame.getFrames())
{
if(f.isVisible() && f.getTitle().startsWith(("Burp Suite")))
{
return (JFrame) f;
}
}
return null;
@pajswigger
pajswigger / license-burp.py
Created April 30, 2018 12:36
import sys, pexpect.popen_spawn, signal
if len(sys.argv) != 3:
print('Usage: license-burp [yes/no] [license-file]')
sys.exit(1)
if sys.argv[1] != 'yes':
print('You must accept the license to use Burp')
sys.exit(1)