-
Notifications
You must be signed in to change notification settings - Fork 21
Examples
Name: Decoder++
Group:
Command: dpp --dialog -f %F
[ ] Run in background
[ ] Run in terminal
[X] Output should replace selection
[ ] Show preview
The diff tool of Burp is quite nice. However, if you prefer an external tool e.g. meld you might find this setup quite interesting.
We define three send-to context menu entries.
- One for writing the path of the file containing the selected request into burp-send-to.stack
- One for starting meld to compare the files stored in burp-send-to.stack
- One for clearing burp-send-to.stack
Name: add Request/Response
Group: stack
Command: echo %R >> $HOME/burp-send-to.stack
[X] Run in background
[ ] Run in terminal
[ ] Output should replace selection
[ ] Show preview
Name: clear
Group: stack
Command: echo -n '' > $HOME/burp-send-to.stack
[X] Run in background
[ ] Run in terminal
[ ] Output should replace selection
[ ] Show preview
Name: diff
Group: stack
Command: meld $(paste -sd' ' $HOME/burp-send-to.stack)
[X] Run in background
[ ] Run in terminal
[ ] Output should replace selection
[ ] Show preview
Some tools require a specific header format which is not directly supported by the Burp Send-To extension. However, with a wrapper-script we can work around it:
Name: header format
Group: misc
Command: header_script.sh %U %E
[ ] Run in background
[X] Run in terminal
[ ] Output should replace selection
[X] Show preview
header_script_1.sh
#!/bin/bash
url="${1}"
headers="$(sed ':a;N;$!ba;s/\n/\\n/g' ${2})" # Replace newlines in header-file with a literal "\n"
/path/to/tool -u "${url}" --headers "${headers}"
header_script_2.sh
#!/bin/bash
url="${1}"
headers_file="${2}"
header_options=""
while read header || [ -n "${header}" ]; do
header_options+=" -H '${header}'"
done< <(tail -n+2 "${headers_file}")
/path/to/tool -u "${url}" ${header_options}
Sometimes you might require a specific header value which is not directly supported by the Burp Send-To extension. However, with a wrapper-script we can work around it:
Name: headers
Group: misc
Command: extract-header-value.sh %E "Content-Length"
[ ] Run in background
[X] Run in terminal
[ ] Output should replace selection
[X] Show preview
#!/bin/bash
function extract_header_value_by_key() {
_header_file="${1}"
_key="${2}"
while read line; do
key="$(echo "${line}" | cut -f1 -d':')"
value="$(echo "${line}" | cut -f2- -d' ')"
if [ "${key}" = "${_key}" ]; then
# Prints value on matching key ...
echo "${value}"
break
fi
done< "${_header_file}"
}
header_file="${1}"
key="${2}"
extract_header_value_by_key "${header_file}" "${key}"
If you are on Windows and you want to make use of the Linux Subsystem you may run into problems when you want to pass filenames (e.g. the %R placeholder).
To solve this issue you can use a wrapper script as described below:
- Place a file (e.g. named "ffuf-wrapper") into /home/yourname/work/bin/ with the following content:
#!/bin/bash
# 1. Transform windows path to wsl path
# >>> wslpath -a 'C:\\aaa\\bbb\\ccc\\foo.zip'
# /mnt/c/aaa/bbb/ccc/foo.zip
request_path="$(wsl -a "${1}")"
# 2. Call ffuf with the correct request path
/home/yourname/work/bin/ffuf -w "${request_path}" -X POST -d "username=admin\&password=FUZZ" -u https://target/login.php -fc 401
Remember to set the executable-flag for this script:
chmod +x /home/yourname/work/bin/ffuf-wrapper
Create a send-to context menu entry with the following parameters:
- name: wsl ffuf
- command: wsl /home/yourname/work/bin/ffuf-wrapper %R
- group:
- Run in background
- Run in terminal
- Output should replace selection
- Show preview prior to execution