burp-piper-custom-scripts
burp-piper-custom-scripts copied to clipboard
Custom scripts for the PIPER Burp extensions.
Objective
Centralize and share all my custom scripts to be used with the PIPER Burp extension.
Documentation of the extension.
Runtime requirements
:information_source: Reduced to the minimal ones needed, see file requirements.txt for details.
Python >= 3.9 needed and in PATH
.
PS> python --version
Python 3.9.7
Compatibility tests
This GitHub action workfow validate that all scripts are compatible with Python 3.9
, 3.10
on Windows
, Mac
and Linux
OS.
Embedding of this collection of scripts into the PIPER source repository
This topic is pending on the PIPER's author side. Once ready, this repository will be merged.
IDE
Visual Studio Code with Python extension provided by Microsoft is used to develop the scripts.
Project workspace file has been configured to trigger the installation of required code analysis modules and analysis profile is defined in the workspace settings area.
Debug configuration was provided to debug a python script.
Structure
Each script describes its goal in its header, for which PIPER tools is targeted to be used and instruction regarding if HTTP headers must be passed as well as filter to define:
"""
PIPER script to ...
Target tool: [PIPER_TOOL]
[INSTRUCTION_IF_HTTP_HEADERS_MUST_BE_PASSED]
[FILTER_NEEDED_TO_BE_DEFINED]
"""
Overview of the scripts behavior
detect-non-standart-headers
Add a comment to the matching line in the proxy tab for every response containing non-standart HTTP headers.
detect-request-to-web-api
Highlight the matching line in the proxy tab for every request that is made to a web api.
extract-web-api-endpoints
Extract all API endpoints (and URL like because it is hard to really identify if a URL is an API endpoint or not from a static point view) from a JS script content obtained from a HTTP response.
extract-html-metadatas
Extract interesting information from HTML META tags from a HTTP response. Mainly used to quickly identify which products/tools was used to build the site/application.
detect-response-with-errors-disclosure
Detect HTTP responses containing a strack trace. Mainly used to quickly identify pages disclosing technical information via stack traces.
extract-jwt-tokens
:dart: This script was created in order to avoid the need to use another extensions or the decoder to just see the content of the token.
Extract and pretty-display all JWT tokens present in an HTTP response.
extract-blazor-webassembly-assemblies
:dart: Just copy/paste the script section in a
ps1
/sh
file and execute it to retrieve all the assemblies.
Extract the collection of assemblies from a HTTP response describing the assemblies used by a Blazor WebAssembly application.
A script to download all the assemblies, is generated in the same time:
- For Windows is PowerShell.
- For other is Bash.
extract-uuid-infos
:clap: Inspired from this project so, credits goes first to it!
Extract the collection of UUID present in a HTTP response and then, depending on the version of UUID, extract the infos for each of them.
Sources:
- How secure are your Universally Unique IDentifiers?
- Not so unique snowflakes.
- UUID versions explained.
- POC "Sandwich Attack: A New Way Of Brute Forcing UUIDs".
extract-spa-unsafe-patterns
Extract all occurences of unsafe patterns used in a Single Page Application (SPA) main JS bundle file.
The objective is to quickly spot if framework built-in security features are disabled or if unsafe code patterns are used in order to identify potential attack vectors on the client side.
extract-spa-low-hanging-fruits
Extract elements from a Single Page Application (SPA) html files and main JS bundles that can be interesting from security point of view.
The objective is to quickly spot interesting low-level issues than can used as foundation to discover more critical issues.
extract-saml-response-infos
:dart: This script was created in order to avoid the need to use another extensions or the decoder to just see the content of the SAML response.
Extract and pretty-display information from a SAML response present in an HTTP response.
extract-saml-request-infos
:dart: This script was created in order to avoid the need to use another extensions or the decoder to just see the content of the SAML request.
Extract and pretty-display information from a SAML request present in an HTTP request.
Configuration
:warning: Change the script location path defined in prefix field for all custom scripts before to import the configuration.
After the import, do not forget to enable the scripts because they are all disabled by default by the import command.
For Highlighters, the color can be changed before the import by changing the color field to one constants supported by PIPER/BURP.
The file piper-config.yaml contains the complete configuration that I use for all my custom scripts.