LAKSHMAN GARKINI
Create a Custom Plugin in Burp Suite using the Extension
Lakshman Garkini
29-01-2023 AMA, Ahmedabad

Introduction and Agenda
• Advantages of using this extension
• Block Diagram
• Requirements
• Server
• Implement Request & Response functions
• ServerHelper functions
• Demo

Advantages of using this extension
• It is capable of modifying the Request and Response on the fly
• For the creation of a Custom Plugin, you need to know either
  • Python
  • JavaScript

Block Diagram
(diagram image not included in the slide transcript)

Requirements
• Server
  • Python3
  • Pyro4 (pip3 install Pyro4)
  • NodeJS (Optional)
• Client
  • Jython Standalone Jar

Server
• To run the server on a custom host (192.168.0.109)
  python3 burp_server.py -H 192.168.0.109
• To run the server on a custom port (9090)
  python3 burp_server.py -p 9090

Implement Request & Response functions

Python / JS function | Parameters
---------------------|------------------------------
request              | 2 parameters
                     |   1st param: Request
                     |   2nd param: Request Payload
response             | 4 parameters
                     |   1st param: Request
                     |   2nd param: Request Payload
                     |   3rd param: Response
                     |   4th param: Response Payload

ServerHelper functions

Python / JS function  | Parameters                                  | Description
----------------------|---------------------------------------------|--------------------------------------------
setQS                 | 1 parameter                                 | Sets the Request/Response for development
                      |   Request / Response (copy from Burp Suite  |
                      |   extension)                                |
getHeaders            | 1 parameter                                 | Returns HTTP request / response headers
                      |   Request / Response                        |
putHeader             | 3 parameters                                | Puts header in the HTTP request / response
                      |   1st param: Key                            |
                      |   2nd param: Value                          |
                      |   3rd param: Request / Response             |
getBody               | 1 parameter                                 | Returns HTTP request / response body
                      |   Request / Response                        |
appendResponsePayload | 2 parameters                                | Appends Payload to the HTTP response and
                      |   1st param: Payload                        | returns the appended HTTP response
                      |   2nd param: Response                       |
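As an added example (not the extension's or the presenter's own code), the following Python module shows what a plugin written against the two tables above could look like: the request()/response() hooks with the parameter lists from the previous slide, plus stand-in implementations of getHeaders, putHeader, getBody and appendResponsePayload. Everything below the table's function names is an assumption made for this example: that the helpers receive the raw HTTP message as a str with CRLF line endings, that the hooks return the rebuilt message, the base64 placeholder standing in for the demo's decryption/encryption steps (base64 is not encryption), the X-Plugin header, and the constructed sample messages. setQS, a development aid for pasting a message copied from Burp, is not modelled.

```python
"""Added example: a plugin module in the shape the slides describe.

request()/response() are the hook functions; getHeaders, putHeader, getBody
and appendResponsePayload stand in for the ServerHelper functions. Their
bodies are assumptions (raw HTTP message as a str, CRLF line endings), not
the extension's own implementation.
"""
import base64
import binascii

CRLF = "\r\n"
SEP = CRLF + CRLF


def _split(message):
    """Split a raw HTTP message into (start line, header lines, body)."""
    head, _, body = message.partition(SEP)
    lines = head.split(CRLF)
    return lines[0], lines[1:], body


def getHeaders(message):
    """Return the headers of a raw request/response as a dict (assumed helper)."""
    headers = {}
    for line in _split(message)[1]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip()] = value.strip()
    return headers


def putHeader(key, value, message):
    """Add or replace one header and return the rebuilt message (assumed helper)."""
    start, header_lines, body = _split(message)
    kept = [h for h in header_lines if not h.lower().startswith(key.lower() + ":")]
    kept.append("%s: %s" % (key, value))
    return CRLF.join([start] + kept) + SEP + body


def getBody(message):
    """Return the body of a raw request/response (assumed helper)."""
    return _split(message)[2]


def _set_body(body, message):
    """Replace the body and recompute Content-Length (local helper).

    A body rewritten on the fly with a stale Content-Length is truncated by
    the peer or leaves it waiting for bytes that never arrive, so every
    body change goes through here.
    """
    start, header_lines, _ = _split(message)
    head = CRLF.join([start] + header_lines) + SEP
    return putHeader("Content-Length", str(len(body.encode())), head + body)


def appendResponsePayload(payload, response):
    """Attach payload as the response body and return the result (assumed helper)."""
    return _set_body(payload, response)


def request(req, payload):
    """Hook for each request: req is the raw request, payload its body.

    Stand-in for the demo's 'decryption of request' step: a base64 body is
    decoded so the tester works on plaintext in Burp. A body that is not
    valid base64 is passed through unchanged instead of breaking the request.
    """
    try:
        plain = base64.b64decode(payload, validate=True).decode()
    except (binascii.Error, UnicodeDecodeError):
        return req
    return _set_body(plain, putHeader("X-Plugin", "decoded", req))


def response(req, req_payload, resp, resp_payload):
    """Hook for each response, with the four parameters the slide lists.

    Stand-in for the demo's 'encryption of response' step: the body is
    base64-encoded and reattached with appendResponsePayload.
    """
    encoded = base64.b64encode(resp_payload.encode()).decode()
    return appendResponsePayload(encoded, resp)


# Constructed sample messages so the hooks can be run offline.
SAMPLE_REQUEST = (
    "POST /api/login HTTP/1.1" + CRLF + "Host: bank.example" + CRLF
    + "Content-Type: text/plain" + CRLF + "Content-Length: 16" + SEP
    + "dXNlcj1hbGljZQ=="  # base64 of "user=alice"
)
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK" + CRLF + "Content-Type: text/plain" + CRLF
    + "Content-Length: 7" + SEP + "balance"
)


def run_demo():
    """Run both hooks over the sample messages and return the rebuilt pair."""
    req_out = request(SAMPLE_REQUEST, getBody(SAMPLE_REQUEST))
    resp_out = response(SAMPLE_REQUEST, getBody(SAMPLE_REQUEST),
                        SAMPLE_RESPONSE, getBody(SAMPLE_RESPONSE))
    return req_out, resp_out


if __name__ == "__main__":
    for message in run_demo():
        print(message)
```

Two points in this shape matter regardless of how the real helpers are written: any helper that rewrites a body must recompute Content-Length, otherwise the rebuilt message is truncated or stalls in Repeater and Intruder, and a hook that cannot decode a payload should return the message untouched so one odd request does not break the whole proxy flow.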

DEMO
• Overview of Bank Web Application
• Coding of a Custom Plugin
  • Decryption of Request in JavaScript
  • Decryption of Response in Python
  • Encryption of Request in Python
  • Encryption of Response in Python
• Creation of a Custom Plugin in Burp Suite
• How to use Custom Plugin in
  • Repeater
  • Intruder
  • Intercept

Thank You
Lakshman Garkini
lakshman@net-square.com
