AppSec USA 2014 Denver, Colorado Customizing Burp Suite Getting the Most out of Burp Extensions
2 August Detlefsen Senior Application Security
3 Burp Suite Burp Suite is a powerful tool for performing security assessments Burp Plugin API allows new features to be added
4 What Can I Do With Plugins? Passive Scanning Active Scanning Alter/append requests Define Insertion Points for Scanner/Intruder
5 Prerequisites Burp Suite Pro v 1.5.x Java 1.6.x NetBeans Other programming languages
6 Creating An Extension Download the Extender API from Portswigger: p_extender_api.zip
7 Creating an Extension Create a new project with existing sources:
8 Creating an Extension Create the BurpExtender class – In package ‘burp’ – Implement IBurpExtender
9 Creating an Extension
10 Creating an Extension Implement registerExtenderCallbacks
11 Load the Extension into Burp Suite
12 Passive Scanning Search responses for problematic values Built-in passive scans – Credit card numbers – Known passwords – Missing headers Building a Passive Scanner
13 Passive Scanning – Room for Improvement Error Messages Software Version Numbers
14 Building a Passive Scanner Implement the IScannerCheck interface: Register the extension as a scanner:
15 IScannerCheck.doPassiveScan()
16 IScannerCheck.doPassiveScan()
17 IScannerCheck.consolidateDuplicateIssues() Ensure an issue is only posted to scanner once
18 IScannerCheck.doActiveScan() Only needed for active scans
19 Active Scanning Issue requests containing attacks Look for indication of success in response Built-In Active Scans – XSS – SQL Injection – Path Traversal – etc Building an Active Scanner
20 IScannerCheck.doActiveScan()
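The IScannerCheck methods named on slides 14 through 20 (registering the check, doPassiveScan, consolidateDuplicateIssues and doActiveScan), carried through as one complete extension. This is an added example, not code from the talk; it assumes only the Burp Extender API interfaces in package burp (the p_extender_api.zip download) on the classpath and sticks to Java 1.6 syntax. The passive check flags the "software version numbers" case from slide 13 by matching a Server or X-Powered-By header; the active check submits a constructed, harmless probe token at each insertion point and reports where the response echoes it back. The header pattern, the probe token, the issue texts and the ExampleIssue class are all constructed for this example.

```java
package burp;

import java.net.URL;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class BurpExtender implements IBurpExtender, IScannerCheck {

    private IBurpExtenderCallbacks callbacks;
    private IExtensionHelpers helpers;

    // Constructed pattern: a Server or X-Powered-By header that carries a version number.
    private static final Pattern VERSION_HEADER = Pattern.compile(
            "^(Server|X-Powered-By):[ \\t]*([^\\r\\n]*\\d+\\.\\d+[^\\r\\n]*)",
            Pattern.MULTILINE | Pattern.CASE_INSENSITIVE);
    // Constructed probe: a token that will not occur naturally, so finding it in a
    // response shows the insertion point's value is echoed back unmodified.
    private static final byte[] CANARY = "zq7reflectprobe3k".getBytes();

    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
        this.callbacks = callbacks;
        this.helpers = callbacks.getHelpers();
        callbacks.setExtensionName("Example scanner checks");
        callbacks.registerScannerCheck(this); // Burp now invokes doPassiveScan/doActiveScan
    }

    // Passive check: inspect a response Burp already holds; no request is sent.
    public List<IScanIssue> doPassiveScan(IHttpRequestResponse base) {
        byte[] response = base.getResponse();
        if (response == null) return null;
        String headers = helpers.bytesToString(response)
                .substring(0, helpers.analyzeResponse(response).getBodyOffset());
        List<IScanIssue> issues = new ArrayList<IScanIssue>();
        Matcher m = VERSION_HEADER.matcher(headers);
        while (m.find()) {
            List<int[]> respMarkers = new ArrayList<int[]>();
            respMarkers.add(new int[] { m.start(), m.end() }); // highlighted in the issue view
            issues.add(new ExampleIssue(helpers.analyzeRequest(base).getUrl(), base.getHttpService(),
                    callbacks.applyMarkers(base, null, respMarkers), "Information",
                    "Software version disclosed in " + m.group(1) + " header",
                    "The response header reports: <b>" + m.group(2) + "</b>"));
        }
        return issues.isEmpty() ? null : issues;
    }

    // Active check: send one probe per insertion point and look for it reflected in the response.
    public List<IScanIssue> doActiveScan(IHttpRequestResponse base, IScannerInsertionPoint ip) {
        IHttpRequestResponse probe = callbacks.makeHttpRequest(base.getHttpService(), ip.buildRequest(CANARY));
        byte[] response = probe.getResponse();
        if (response == null) return null;
        int at = helpers.indexOf(response, CANARY, false, 0, response.length);
        if (at < 0) return null;
        List<int[]> reqMarkers = new ArrayList<int[]>();
        if (ip.getPayloadOffsets(CANARY) != null) reqMarkers.add(ip.getPayloadOffsets(CANARY));
        List<int[]> respMarkers = new ArrayList<int[]>();
        respMarkers.add(new int[] { at, at + CANARY.length });
        List<IScanIssue> issues = new ArrayList<IScanIssue>();
        issues.add(new ExampleIssue(helpers.analyzeRequest(base).getUrl(), base.getHttpService(),
                callbacks.applyMarkers(probe, reqMarkers, respMarkers), "Low",
                "Input reflected in response: " + ip.getInsertionPointName(),
                "The probe value submitted at this insertion point was returned unmodified."));
        return issues;
    }

    // Called when a new issue arrives for a URL that already has one from this check.
    public int consolidateDuplicateIssues(IScanIssue existing, IScanIssue fresh) {
        // Same name and detail: keep only the existing issue (-1); otherwise report both (0).
        return existing.getIssueName().equals(fresh.getIssueName())
                && existing.getIssueDetail().equals(fresh.getIssueDetail()) ? -1 : 0;
    }
}

// Minimal IScanIssue carrier; Burp reads these getters when it lists the issue.
class ExampleIssue implements IScanIssue {
    private final URL url;
    private final IHttpService service;
    private final IHttpRequestResponse[] messages;
    private final String severity, name, detail;

    ExampleIssue(URL url, IHttpService service, IHttpRequestResponse marked,
                 String severity, String name, String detail) {
        this.url = url; this.service = service; this.messages = new IHttpRequestResponse[] { marked };
        this.severity = severity; this.name = name; this.detail = detail;
    }
    public URL getUrl() { return url; }
    public String getIssueName() { return name; }
    public int getIssueType() { return 0x08000000; } // Burp's "extension generated issue" type
    public String getSeverity() { return severity; }
    public String getConfidence() { return "Certain"; }
    public String getIssueBackground() { return null; }
    public String getRemediationBackground() { return null; }
    public String getIssueDetail() { return detail; }
    public String getRemediationDetail() { return null; }
    public IHttpRequestResponse[] getHttpMessages() { return messages; }
    public IHttpService getHttpService() { return service; }
}
```

Build it into a jar with the Extender API sources and load it through the Extender tab. Burp calls doActiveScan once per insertion point of every scanned request, so an active check should issue as few requests as possible per call; consolidateDuplicateIssues is what keeps the issue list from filling up when the same URL is scanned repeatedly, which is why it compares the detail text and not just the name.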
21 Insertion Points Locations of parameters in request Contain data the server will act upon
22 Building an Active Scanner
23 Building an Active Scanner
24 Defining Insertion Points Implement IScannerInsertionPointProvider – getInsertionPoints() Register as an insertion point provider
25 BurpExtender.getInsertionPoints()
26 Building an Active Scanner
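Slides 21 through 26 describe insertion points and the IScannerInsertionPointProvider registration; the extension below is an added example (not the talk's code) that shows the provider together with a custom IScannerInsertionPoint for a request type Burp does not parse on its own. The body format is constructed for the example: fields of the form name:value separated by pipes, as in id:42|mode:view. It assumes the Burp Extender API interfaces in package burp on the classpath and Java 1.6 syntax; the PipeInsertionPoint class and its percent-encoding of delimiter characters are this example's own choices.

```java
package burp;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class BurpExtender implements IBurpExtender, IScannerInsertionPointProvider {

    private IExtensionHelpers helpers;

    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
        helpers = callbacks.getHelpers();
        callbacks.setExtensionName("Pipe-delimited body insertion points (example)");
        callbacks.registerScannerInsertionPointProvider(this); // Burp now asks us for insertion points
    }

    // Called once per base request. Constructed body format assumed: name:value|name:value|...
    public List<IScannerInsertionPoint> getInsertionPoints(IHttpRequestResponse base) {
        byte[] request = base.getRequest();
        IRequestInfo info = helpers.analyzeRequest(request);
        byte[] body = Arrays.copyOfRange(request, info.getBodyOffset(), request.length);
        String text = helpers.bytesToString(body);
        if (!text.matches("[^|:]+:[^|]*(\\|[^|:]+:[^|]*)*")) return null; // not our format
        List<IScannerInsertionPoint> points = new ArrayList<IScannerInsertionPoint>();
        int pos = 0; // byte offset of the current field within the body
        for (String field : text.split("\\|", -1)) {
            int colon = field.indexOf(':');
            // one insertion point per value; the server acts on values, not on field names
            points.add(new PipeInsertionPoint(helpers, info.getHeaders(), body,
                    field.substring(0, colon), pos + colon + 1, pos + field.length()));
            pos += field.length() + 1; // step past the '|' delimiter
        }
        return points;
    }
}

// One value in the custom body. Burp calls buildRequest() once for every payload it tries.
class PipeInsertionPoint implements IScannerInsertionPoint {
    private final IExtensionHelpers helpers;
    private final List<String> headers;
    private final byte[] body;
    private final String name;
    private final int start, end; // the value's byte offsets within body

    PipeInsertionPoint(IExtensionHelpers helpers, List<String> headers, byte[] body,
                       String name, int start, int end) {
        this.helpers = helpers; this.headers = headers; this.body = body;
        this.name = name; this.start = start; this.end = end;
    }

    public String getInsertionPointName() { return "pipe:" + name; }
    public String getBaseValue() { return helpers.bytesToString(Arrays.copyOfRange(body, start, end)); }
    public byte getInsertionPointType() { return INS_EXTENSION_PROVIDED; }

    // Delimiter characters in a payload are percent-encoded so one value cannot spill into the next field.
    private byte[] encode(byte[] payload) {
        return helpers.stringToBytes(helpers.bytesToString(payload).replace("|", "%7C").replace(":", "%3A"));
    }

    public byte[] buildRequest(byte[] payload) {
        byte[] safe = encode(payload);
        byte[] newBody = new byte[body.length - (end - start) + safe.length];
        System.arraycopy(body, 0, newBody, 0, start);
        System.arraycopy(safe, 0, newBody, start, safe.length);
        System.arraycopy(body, end, newBody, start + safe.length, body.length - end);
        // buildHttpMessage re-emits the headers with Content-Length updated for the new body
        return helpers.buildHttpMessage(headers, newBody);
    }

    // Where the payload sits in the request returned by buildRequest(), so Burp can highlight it.
    public int[] getPayloadOffsets(byte[] payload) {
        byte[] built = buildRequest(payload);
        int safeLen = encode(payload).length;
        int bodyOffset = built.length - (body.length - (end - start) + safeLen);
        return new int[] { bodyOffset + start, bodyOffset + start + safeLen };
    }
}
```

Burp's built-in insertion points (URL and body parameters, cookies, the entire body) are still generated alongside these, so a provider only needs to cover the locations Burp cannot see. Returning INS_EXTENSION_PROVIDED as the type lets checks that inspect the insertion point type treat these values like any other parameter.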
27 Debugging callbacks.printOutput(String) callbacks.printError(String) Exception.printStackTrace() Utilities
28 Debugging – Stack Traces Get the error OutputStream Print a stack trace to the stream
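The three debugging routes on slides 27 and 28, as an added example that is not from the talk: printOutput and printError for one-line messages, and a PrintWriter wrapped around the error OutputStream so that a full stack trace lands in the extension's Errors tab. It assumes the Burp Extender API interfaces in package burp on the classpath; the riskyParse method is a constructed stand-in for any extension code that may throw.

```java
package burp;

import java.io.PrintWriter;

public class BurpExtender implements IBurpExtender {

    private IBurpExtenderCallbacks callbacks;
    private PrintWriter stderr; // wraps callbacks.getStderr()

    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
        this.callbacks = callbacks;
        callbacks.setExtensionName("Logging example");
        // Wrap Burp's error stream once; autoflush so each line shows up immediately.
        stderr = new PrintWriter(callbacks.getStderr(), true);
        callbacks.printOutput("extension loaded"); // one-line message: Output tab
        try {
            riskyParse("not-a-number");
        } catch (NumberFormatException e) {
            callbacks.printError("riskyParse failed: " + e.getMessage()); // one-line message: Errors tab
            e.printStackTrace(stderr); // full trace, also in the Errors tab
        }
    }

    // Constructed stand-in for any extension code that may throw.
    private int riskyParse(String s) {
        return Integer.parseInt(s);
    }
}
```

Calling e.printStackTrace() with no argument writes to the JVM's own stderr, which is only visible when Burp was started from a terminal; passing the writer built on callbacks.getStderr() is what makes the trace appear inside Burp.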
29 Summary Setup Passive Scanning Active Scanning Handling custom request types
30 Build Extensions! Profit!