SlideShare ist ein Scribd-Unternehmen logo

Create a Custom Plugin in Burp Suite using the Extension

Als PPTX, PDF herunterladen
NSConclave
NSConclave

Presentation on - How to create a Custom Plugin in Burp Suite using the Extension

Präsentationen & Vorträge
1 von 10
LAKSHMAN GARKINI Create a Custom Plugin in Burp Suite using the Extension Lakshman Garkini 29-01-2023 AMA, Ahmedabad
LAKSHMAN GARKINI Introduction and Agenda ● Advantages of using this extension ● Block Diagram ● Requirements ● Server ● Implement Request & Response functions ● ServerHelper functions ● Demo 2
LAKSHMAN GARKINI Advantages of using this extension ● It is capable of modifying the Request and Response on the fly ● For the creation of a Custom Plugin, you need to know either ○ Python ○ JavaScript 3
LAKSHMAN GARKINI Block Diagram 4
LAKSHMAN GARKINI Requirements ● Server ○ Python3 ○ Pyro4 (pip3 install Pyro4) ○ NodeJS (Optional) ● Client ○ Jython Standalone Jar 5
LAKSHMAN GARKINI Server ● To run the server on a custom host (192.168.0.109) ○ python3 burp_server.py –H 192.168.0.109 ● To run the server on a custom port (9090) ○ python3 burp_server.py –p 9090 6
LAKSHMAN GARKINI Implement Request & Response functions Python / JS functions Parameter request 2 Parameters 1st Param: Request 2nd Param: Request Payload response 4 Parameters 1st Param: Request 2nd Param: Request Payload 3rd Param: Response 4th Param: Response Payload 7
LAKSHMAN GARKINI ServerHelper functions Python / JS functions Parameter Description setQS 1 Parameter Request / Response (copy from burp suite extension) Sets the Request/Response for development getHeaders 1 Parameter Request / Response Returns HTTP request / response headers putHeader 3 Parameters 1st Param: Key 2nd Param: Value 3rd Param: Request / Response Puts header in the HTTP request / response getBody 1 Parameter Request / Response Returns HTTP request / response body appendResponsePayload 2 Parameters 1st Param: Payload 2nd Param: Response Append Payload to the HTTP response and returns appended HTTP response 8
LAKSHMAN GARKINI DEMO ● Overview of Bank Web Application ● Coding of a Custom Plugin ○ Decryption of Request in JavaScript ○ Decryption of Response in Python ○ Encryption of Request in Python ○ Encryption of Response in Python ● Creation of a Custom Plugin in Burp Suite ● How to use Custom Plugin in ○ Repeater ○ Intruder ○ Intercept 9
LAKSHMAN GARKINI Thank You Lakshman Garkini lakshman@net-square.com

Empfohlen

1. MySql plugins
1. MySql plugins1. MySql plugins
1. MySql pluginsRoland Bouman
 
Accelerate Quality with Postman Advance
Accelerate Quality with Postman AdvanceAccelerate Quality with Postman Advance
Accelerate Quality with Postman AdvanceKnoldus Inc.
 
What’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlue
What’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlueWhat’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlue
What’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlueShapeBlue
 
Tips & Tricks for Apache Kafka®
Tips & Tricks for Apache Kafka®Tips & Tricks for Apache Kafka®
Tips & Tricks for Apache Kafka®confluent
 
NGINX: HTTP/2 Server Push and gRPC
NGINX: HTTP/2 Server Push and gRPCNGINX: HTTP/2 Server Push and gRPC
NGINX: HTTP/2 Server Push and gRPCNGINX, Inc.
 
Cinder project update at OpenStack Boston Summit May 2017
Cinder project update at OpenStack Boston Summit May 2017Cinder project update at OpenStack Boston Summit May 2017
Cinder project update at OpenStack Boston Summit May 2017Miroslav Halas
 
Cinder On-boarding Room - Berlin (11-13-2018)
Cinder On-boarding Room - Berlin (11-13-2018)Cinder On-boarding Room - Berlin (11-13-2018)
Cinder On-boarding Room - Berlin (11-13-2018)Jay Bryant
 
First steps with Gazebo simulation for ROS
First steps with Gazebo simulation for ROSFirst steps with Gazebo simulation for ROS
First steps with Gazebo simulation for ROSSergey Matyunin
 

Empfohlen

1. MySql plugins
1. MySql plugins1. MySql plugins
1. MySql pluginsRoland Bouman
 
Accelerate Quality with Postman Advance
Accelerate Quality with Postman AdvanceAccelerate Quality with Postman Advance
Accelerate Quality with Postman AdvanceKnoldus Inc.
 
What’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlue
What’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlueWhat’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlue
What’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlueShapeBlue
 
Tips & Tricks for Apache Kafka®
Tips & Tricks for Apache Kafka®Tips & Tricks for Apache Kafka®
Tips & Tricks for Apache Kafka®confluent
 
NGINX: HTTP/2 Server Push and gRPC
NGINX: HTTP/2 Server Push and gRPCNGINX: HTTP/2 Server Push and gRPC
NGINX: HTTP/2 Server Push and gRPCNGINX, Inc.
 
Cinder project update at OpenStack Boston Summit May 2017
Cinder project update at OpenStack Boston Summit May 2017Cinder project update at OpenStack Boston Summit May 2017
Cinder project update at OpenStack Boston Summit May 2017Miroslav Halas
 
Cinder On-boarding Room - Berlin (11-13-2018)
Cinder On-boarding Room - Berlin (11-13-2018)Cinder On-boarding Room - Berlin (11-13-2018)
Cinder On-boarding Room - Berlin (11-13-2018)Jay Bryant
 
First steps with Gazebo simulation for ROS
First steps with Gazebo simulation for ROSFirst steps with Gazebo simulation for ROS
First steps with Gazebo simulation for ROSSergey Matyunin
 
PGConf APAC 2018 - Managing replication clusters with repmgr, Barman and PgBo...
PGConf APAC 2018 - Managing replication clusters with repmgr, Barman and PgBo...PGConf APAC 2018 - Managing replication clusters with repmgr, Barman and PgBo...
PGConf APAC 2018 - Managing replication clusters with repmgr, Barman and PgBo...PGConf APAC
 
from Docker to Moby and back. what changed ?
from Docker to Moby and back. what changed ?from Docker to Moby and back. what changed ?
from Docker to Moby and back. what changed ?strikr .
 
Airframe RPC
Airframe RPCAirframe RPC
Airframe RPCTaro L. Saito
 
OpenStack Cinder On-Boarding Room - Vancouver Summit 2018
OpenStack Cinder On-Boarding Room - Vancouver Summit 2018OpenStack Cinder On-Boarding Room - Vancouver Summit 2018
OpenStack Cinder On-Boarding Room - Vancouver Summit 2018Jay Bryant
 
Google Cloud Platform Special Training
Google Cloud Platform Special TrainingGoogle Cloud Platform Special Training
Google Cloud Platform Special TrainingSimon Su
 
Kafka Retry and DLQ
Kafka Retry and DLQKafka Retry and DLQ
Kafka Retry and DLQGeorge Teo
 
Sprint 134
Sprint 134Sprint 134
Sprint 134ManageIQ
 
OpenStack Cinder On-Boarding Education - Boston Summit - 2017
OpenStack Cinder On-Boarding Education - Boston Summit - 2017OpenStack Cinder On-Boarding Education - Boston Summit - 2017
OpenStack Cinder On-Boarding Education - Boston Summit - 2017Jay Bryant
 
Django deployment and rpm+yum
Django deployment and rpm+yumDjango deployment and rpm+yum
Django deployment and rpm+yumWalter Liu
 
Run Apache Spark on Kubernetes in Large Scale_ Challenges and Solutions-2.pdf
Run Apache Spark on Kubernetes in Large Scale_ Challenges and Solutions-2.pdfRun Apache Spark on Kubernetes in Large Scale_ Challenges and Solutions-2.pdf
Run Apache Spark on Kubernetes in Large Scale_ Challenges and Solutions-2.pdfAnya Bida
 
Cinder Project On-Boarding - OpenInfra Summit Denver 2019
Cinder Project On-Boarding - OpenInfra Summit Denver 2019Cinder Project On-Boarding - OpenInfra Summit Denver 2019
Cinder Project On-Boarding - OpenInfra Summit Denver 2019Jay Bryant
 
PostgreSQL for Oracle Developers and DBA's
PostgreSQL for Oracle Developers and DBA'sPostgreSQL for Oracle Developers and DBA's
PostgreSQL for Oracle Developers and DBA'sGerger
 
Sprint 133
Sprint 133Sprint 133
Sprint 133ManageIQ
 
Build enterprise wireless with CAPsMAN
Build enterprise wireless with CAPsMANBuild enterprise wireless with CAPsMAN
Build enterprise wireless with CAPsMANGLC Networks
 
EuroPython 2013 - Python3 TurboGears Training
EuroPython 2013 - Python3 TurboGears TrainingEuroPython 2013 - Python3 TurboGears Training
EuroPython 2013 - Python3 TurboGears TrainingAlessandro Molina
 
Sep Nasiri "Upwork PHP Architecture"
Sep Nasiri "Upwork PHP Architecture"Sep Nasiri "Upwork PHP Architecture"
Sep Nasiri "Upwork PHP Architecture"Fwdays
 
Webinar: PostgreSQL continuous backup and PITR with Barman
Webinar: PostgreSQL continuous backup and PITR with BarmanWebinar: PostgreSQL continuous backup and PITR with Barman
Webinar: PostgreSQL continuous backup and PITR with BarmanGabriele Bartolini
 
JBoss EAP 7 & JDG 7 최신 기술 소개
JBoss EAP 7 & JDG 7 최신 기술 소개JBoss EAP 7 & JDG 7 최신 기술 소개
JBoss EAP 7 & JDG 7 최신 기술 소개Ted Won
 
NGINX: HTTP/2 Server Push and gRPC – EMEA
NGINX: HTTP/2 Server Push and gRPC – EMEANGINX: HTTP/2 Server Push and gRPC – EMEA
NGINX: HTTP/2 Server Push and gRPC – EMEANGINX, Inc.
 
Eugene Bova "Dapr (Distributed Application Runtime) in a Microservices Archit...
Eugene Bova "Dapr (Distributed Application Runtime) in a Microservices Archit...Eugene Bova "Dapr (Distributed Application Runtime) in a Microservices Archit...
Eugene Bova "Dapr (Distributed Application Runtime) in a Microservices Archit...LogeekNightUkraine
 
RED-TEAM_Conclave
RED-TEAM_ConclaveRED-TEAM_Conclave
RED-TEAM_ConclaveNSConclave
 
IOT SECURITY ASSESSMENT Pentester's Approach
IOT SECURITY ASSESSMENT Pentester's ApproachIOT SECURITY ASSESSMENT Pentester's Approach
IOT SECURITY ASSESSMENT Pentester's ApproachNSConclave
 

Weitere ähnliche Inhalte

Ähnlich wie Create a Custom Plugin in Burp Suite using the Extension

PGConf APAC 2018 - Managing replication clusters with repmgr, Barman and PgBo...
PGConf APAC 2018 - Managing replication clusters with repmgr, Barman and PgBo...PGConf APAC 2018 - Managing replication clusters with repmgr, Barman and PgBo...
PGConf APAC 2018 - Managing replication clusters with repmgr, Barman and PgBo...PGConf APAC
 
from Docker to Moby and back. what changed ?
from Docker to Moby and back. what changed ?from Docker to Moby and back. what changed ?
from Docker to Moby and back. what changed ?strikr .
 
OpenStack Cinder On-Boarding Room - Vancouver Summit 2018
OpenStack Cinder On-Boarding Room - Vancouver Summit 2018OpenStack Cinder On-Boarding Room - Vancouver Summit 2018
OpenStack Cinder On-Boarding Room - Vancouver Summit 2018Jay Bryant
 
Google Cloud Platform Special Training
Google Cloud Platform Special TrainingGoogle Cloud Platform Special Training
Google Cloud Platform Special TrainingSimon Su
 
Kafka Retry and DLQ
Kafka Retry and DLQKafka Retry and DLQ
Kafka Retry and DLQGeorge Teo
 
Sprint 134
Sprint 134Sprint 134
Sprint 134ManageIQ
 
OpenStack Cinder On-Boarding Education - Boston Summit - 2017
OpenStack Cinder On-Boarding Education - Boston Summit - 2017OpenStack Cinder On-Boarding Education - Boston Summit - 2017
OpenStack Cinder On-Boarding Education - Boston Summit - 2017Jay Bryant
 
Django deployment and rpm+yum
Django deployment and rpm+yumDjango deployment and rpm+yum
Django deployment and rpm+yumWalter Liu
 
Run Apache Spark on Kubernetes in Large Scale_ Challenges and Solutions-2.pdf
Run Apache Spark on Kubernetes in Large Scale_ Challenges and Solutions-2.pdfRun Apache Spark on Kubernetes in Large Scale_ Challenges and Solutions-2.pdf
Run Apache Spark on Kubernetes in Large Scale_ Challenges and Solutions-2.pdfAnya Bida
 
Cinder Project On-Boarding - OpenInfra Summit Denver 2019
Cinder Project On-Boarding - OpenInfra Summit Denver 2019Cinder Project On-Boarding - OpenInfra Summit Denver 2019
Cinder Project On-Boarding - OpenInfra Summit Denver 2019Jay Bryant
 
PostgreSQL for Oracle Developers and DBA's
PostgreSQL for Oracle Developers and DBA'sPostgreSQL for Oracle Developers and DBA's
PostgreSQL for Oracle Developers and DBA'sGerger
 
Sprint 133
Sprint 133Sprint 133
Sprint 133ManageIQ
 
Build enterprise wireless with CAPsMAN
Build enterprise wireless with CAPsMANBuild enterprise wireless with CAPsMAN
Build enterprise wireless with CAPsMANGLC Networks
 
EuroPython 2013 - Python3 TurboGears Training
EuroPython 2013 - Python3 TurboGears TrainingEuroPython 2013 - Python3 TurboGears Training
EuroPython 2013 - Python3 TurboGears TrainingAlessandro Molina
 
Sep Nasiri "Upwork PHP Architecture"
Sep Nasiri "Upwork PHP Architecture"Sep Nasiri "Upwork PHP Architecture"
Sep Nasiri "Upwork PHP Architecture"Fwdays
 
Webinar: PostgreSQL continuous backup and PITR with Barman
Webinar: PostgreSQL continuous backup and PITR with BarmanWebinar: PostgreSQL continuous backup and PITR with Barman
Webinar: PostgreSQL continuous backup and PITR with BarmanGabriele Bartolini
 
JBoss EAP 7 & JDG 7 최신 기술 소개
JBoss EAP 7 & JDG 7 최신 기술 소개JBoss EAP 7 & JDG 7 최신 기술 소개
JBoss EAP 7 & JDG 7 최신 기술 소개Ted Won
 
NGINX: HTTP/2 Server Push and gRPC – EMEA
NGINX: HTTP/2 Server Push and gRPC – EMEANGINX: HTTP/2 Server Push and gRPC – EMEA
NGINX: HTTP/2 Server Push and gRPC – EMEANGINX, Inc.
 
Eugene Bova "Dapr (Distributed Application Runtime) in a Microservices Archit...
Eugene Bova "Dapr (Distributed Application Runtime) in a Microservices Archit...Eugene Bova "Dapr (Distributed Application Runtime) in a Microservices Archit...
Eugene Bova "Dapr (Distributed Application Runtime) in a Microservices Archit...LogeekNightUkraine
 

Ähnlich wie Create a Custom Plugin in Burp Suite using the Extension (20)

PGConf APAC 2018 - Managing replication clusters with repmgr, Barman and PgBo...
PGConf APAC 2018 - Managing replication clusters with repmgr, Barman and PgBo...PGConf APAC 2018 - Managing replication clusters with repmgr, Barman and PgBo...
PGConf APAC 2018 - Managing replication clusters with repmgr, Barman and PgBo...
 
from Docker to Moby and back. what changed ?
from Docker to Moby and back. what changed ?from Docker to Moby and back. what changed ?
from Docker to Moby and back. what changed ?
 
Airframe RPC
Airframe RPCAirframe RPC
Airframe RPC
 
OpenStack Cinder On-Boarding Room - Vancouver Summit 2018
OpenStack Cinder On-Boarding Room - Vancouver Summit 2018OpenStack Cinder On-Boarding Room - Vancouver Summit 2018
OpenStack Cinder On-Boarding Room - Vancouver Summit 2018
 
Google Cloud Platform Special Training
Google Cloud Platform Special TrainingGoogle Cloud Platform Special Training
Google Cloud Platform Special Training
 
Kafka Retry and DLQ
Kafka Retry and DLQKafka Retry and DLQ
Kafka Retry and DLQ
 
Sprint 134
Sprint 134Sprint 134
Sprint 134
 
OpenStack Cinder On-Boarding Education - Boston Summit - 2017
OpenStack Cinder On-Boarding Education - Boston Summit - 2017OpenStack Cinder On-Boarding Education - Boston Summit - 2017
OpenStack Cinder On-Boarding Education - Boston Summit - 2017
 
Django deployment and rpm+yum
Django deployment and rpm+yumDjango deployment and rpm+yum
Django deployment and rpm+yum
 
Run Apache Spark on Kubernetes in Large Scale_ Challenges and Solutions-2.pdf
Run Apache Spark on Kubernetes in Large Scale_ Challenges and Solutions-2.pdfRun Apache Spark on Kubernetes in Large Scale_ Challenges and Solutions-2.pdf
Run Apache Spark on Kubernetes in Large Scale_ Challenges and Solutions-2.pdf
 
Cinder Project On-Boarding - OpenInfra Summit Denver 2019
Cinder Project On-Boarding - OpenInfra Summit Denver 2019Cinder Project On-Boarding - OpenInfra Summit Denver 2019
Cinder Project On-Boarding - OpenInfra Summit Denver 2019
 
PostgreSQL for Oracle Developers and DBA's
PostgreSQL for Oracle Developers and DBA'sPostgreSQL for Oracle Developers and DBA's
PostgreSQL for Oracle Developers and DBA's
 
Sprint 133
Sprint 133Sprint 133
Sprint 133
 
Build enterprise wireless with CAPsMAN
Build enterprise wireless with CAPsMANBuild enterprise wireless with CAPsMAN
Build enterprise wireless with CAPsMAN
 
EuroPython 2013 - Python3 TurboGears Training
EuroPython 2013 - Python3 TurboGears TrainingEuroPython 2013 - Python3 TurboGears Training
EuroPython 2013 - Python3 TurboGears Training
 
Sep Nasiri "Upwork PHP Architecture"
Sep Nasiri "Upwork PHP Architecture"Sep Nasiri "Upwork PHP Architecture"
Sep Nasiri "Upwork PHP Architecture"
 
Webinar: PostgreSQL continuous backup and PITR with Barman
Webinar: PostgreSQL continuous backup and PITR with BarmanWebinar: PostgreSQL continuous backup and PITR with Barman
Webinar: PostgreSQL continuous backup and PITR with Barman
 
JBoss EAP 7 & JDG 7 최신 기술 소개
JBoss EAP 7 & JDG 7 최신 기술 소개JBoss EAP 7 & JDG 7 최신 기술 소개
JBoss EAP 7 & JDG 7 최신 기술 소개
 
NGINX: HTTP/2 Server Push and gRPC – EMEA
NGINX: HTTP/2 Server Push and gRPC – EMEANGINX: HTTP/2 Server Push and gRPC – EMEA
NGINX: HTTP/2 Server Push and gRPC – EMEA
 
Eugene Bova "Dapr (Distributed Application Runtime) in a Microservices Archit...
Eugene Bova "Dapr (Distributed Application Runtime) in a Microservices Archit...Eugene Bova "Dapr (Distributed Application Runtime) in a Microservices Archit...
Eugene Bova "Dapr (Distributed Application Runtime) in a Microservices Archit...
 

Mehr von NSConclave

RED-TEAM_Conclave
RED-TEAM_ConclaveRED-TEAM_Conclave
RED-TEAM_ConclaveNSConclave
 
IOT SECURITY ASSESSMENT Pentester's Approach
IOT SECURITY ASSESSMENT Pentester's ApproachIOT SECURITY ASSESSMENT Pentester's Approach
IOT SECURITY ASSESSMENT Pentester's ApproachNSConclave
 
Debugging Android Native Library
Debugging Android Native LibraryDebugging Android Native Library
Debugging Android Native LibraryNSConclave
 
Burp Suite Extension Development
Burp Suite Extension DevelopmentBurp Suite Extension Development
Burp Suite Extension DevelopmentNSConclave
 
Regular Expression Injection
Regular Expression InjectionRegular Expression Injection
Regular Expression InjectionNSConclave
 
HTML5 Messaging (Post Message)
HTML5 Messaging (Post Message)HTML5 Messaging (Post Message)
HTML5 Messaging (Post Message)NSConclave
 
Node.js Deserialization
Node.js DeserializationNode.js Deserialization
Node.js DeserializationNSConclave
 
RIA Cross Domain Policy
RIA Cross Domain PolicyRIA Cross Domain Policy
RIA Cross Domain PolicyNSConclave
 
LDAP Injection
LDAP InjectionLDAP Injection
LDAP InjectionNSConclave
 
Python Deserialization Attacks
Python Deserialization AttacksPython Deserialization Attacks
Python Deserialization AttacksNSConclave
 
NoSql Injection
NoSql InjectionNoSql Injection
NoSql InjectionNSConclave
 
Thick Client Testing Advanced
Thick Client Testing AdvancedThick Client Testing Advanced
Thick Client Testing AdvancedNSConclave
 
Thick Client Testing Basics
Thick Client Testing BasicsThick Client Testing Basics
Thick Client Testing BasicsNSConclave
 
Security Architecture Consulting - Hiren Shah
Security Architecture Consulting - Hiren ShahSecurity Architecture Consulting - Hiren Shah
Security Architecture Consulting - Hiren ShahNSConclave
 
OSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaOSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaNSConclave
 
Lets get started with car hacking - Ankit Joshi
Lets get started with car hacking - Ankit JoshiLets get started with car hacking - Ankit Joshi
Lets get started with car hacking - Ankit JoshiNSConclave
 

Mehr von NSConclave (20)

RED-TEAM_Conclave
RED-TEAM_ConclaveRED-TEAM_Conclave
RED-TEAM_Conclave
 
IOT SECURITY ASSESSMENT Pentester's Approach
IOT SECURITY ASSESSMENT Pentester's ApproachIOT SECURITY ASSESSMENT Pentester's Approach
IOT SECURITY ASSESSMENT Pentester's Approach
 
Debugging Android Native Library
Debugging Android Native LibraryDebugging Android Native Library
Debugging Android Native Library
 
Burp Suite Extension Development
Burp Suite Extension DevelopmentBurp Suite Extension Development
Burp Suite Extension Development
 
Log Analysis
Log AnalysisLog Analysis
Log Analysis
 
Regular Expression Injection
Regular Expression InjectionRegular Expression Injection
Regular Expression Injection
 
HTML5 Messaging (Post Message)
HTML5 Messaging (Post Message)HTML5 Messaging (Post Message)
HTML5 Messaging (Post Message)
 
Node.js Deserialization
Node.js DeserializationNode.js Deserialization
Node.js Deserialization
 
RIA Cross Domain Policy
RIA Cross Domain PolicyRIA Cross Domain Policy
RIA Cross Domain Policy
 
LDAP Injection
LDAP InjectionLDAP Injection
LDAP Injection
 
Python Deserialization Attacks
Python Deserialization AttacksPython Deserialization Attacks
Python Deserialization Attacks
 
Sandboxing
SandboxingSandboxing
Sandboxing
 
NoSql Injection
NoSql InjectionNoSql Injection
NoSql Injection
 
Thick Client Testing Advanced
Thick Client Testing AdvancedThick Client Testing Advanced
Thick Client Testing Advanced
 
Thick Client Testing Basics
Thick Client Testing BasicsThick Client Testing Basics
Thick Client Testing Basics
 
Markdown
MarkdownMarkdown
Markdown
 
Docker 101
Docker 101Docker 101
Docker 101
 
Security Architecture Consulting - Hiren Shah
Security Architecture Consulting - Hiren ShahSecurity Architecture Consulting - Hiren Shah
Security Architecture Consulting - Hiren Shah
 
OSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan BraganzaOSINT: Open Source Intelligence - Rohan Braganza
OSINT: Open Source Intelligence - Rohan Braganza
 
Lets get started with car hacking - Ankit Joshi
Lets get started with car hacking - Ankit JoshiLets get started with car hacking - Ankit Joshi
Lets get started with car hacking - Ankit Joshi
 

Kürzlich hochgeladen

lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.lodhisaajjda
 
Jual obat aborsi Jakarta 085657271886 Cytote pil telat bulan penggugur kandun...
Jual obat aborsi Jakarta 085657271886 Cytote pil telat bulan penggugur kandun...Jual obat aborsi Jakarta 085657271886 Cytote pil telat bulan penggugur kandun...
Jual obat aborsi Jakarta 085657271886 Cytote pil telat bulan penggugur kandun...ZurliaSoop
 
Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...
Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...
Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...David Celestin
 
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...amilabibi1
 
Dreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio IIIDreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio IIINhPhngng3
 
Report Writing Webinar Training
Report Writing Webinar TrainingReport Writing Webinar Training
Report Writing Webinar TrainingKylaCullinane
 
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdfAWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdfSkillCertProExams
 
My Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle BaileyMy Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle Baileyhlharris
 
Uncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac FolorunsoUncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac FolorunsoKayode Fayemi
 
Zone Chairperson Role and Responsibilities New updated.pptx
Zone Chairperson Role and Responsibilities New updated.pptxZone Chairperson Role and Responsibilities New updated.pptx
Zone Chairperson Role and Responsibilities New updated.pptxlionnarsimharajumjf
 
Unlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven Curiosity
Unlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven CuriosityUnlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven Curiosity
Unlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven CuriosityHung Le
 
Digital collaboration with Microsoft 365 as extension of Drupal
Digital collaboration with Microsoft 365 as extension of DrupalDigital collaboration with Microsoft 365 as extension of Drupal
Digital collaboration with Microsoft 365 as extension of DrupalFabian de Rijk
 
Dreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video TreatmentDreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video Treatmentnswingard
 
SOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdf
SOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdfSOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdf
SOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdfMahamudul Hasan
 
Introduction to Artificial intelligence.
Introduction to Artificial intelligence.Introduction to Artificial intelligence.
Introduction to Artificial intelligence.thamaeteboho94
 

Kürzlich hochgeladen (17)

lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.lONG QUESTION ANSWER PAKISTAN STUDIES10.
lONG QUESTION ANSWER PAKISTAN STUDIES10.
 
Jual obat aborsi Jakarta 085657271886 Cytote pil telat bulan penggugur kandun...
Jual obat aborsi Jakarta 085657271886 Cytote pil telat bulan penggugur kandun...Jual obat aborsi Jakarta 085657271886 Cytote pil telat bulan penggugur kandun...
Jual obat aborsi Jakarta 085657271886 Cytote pil telat bulan penggugur kandun...
 
Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...
Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...
Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...
 
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...
 
Dreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio IIIDreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio III
 
in kuwait௹+918133066128....) @abortion pills for sale in Kuwait City
in kuwait௹+918133066128....) @abortion pills for sale in Kuwait Cityin kuwait௹+918133066128....) @abortion pills for sale in Kuwait City
in kuwait௹+918133066128....) @abortion pills for sale in Kuwait City
 
Report Writing Webinar Training
Report Writing Webinar TrainingReport Writing Webinar Training
Report Writing Webinar Training
 
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdfAWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
 
My Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle BaileyMy Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle Bailey
 
ICT role in 21st century education and it's challenges.pdf
ICT role in 21st century education and it's challenges.pdfICT role in 21st century education and it's challenges.pdf
ICT role in 21st century education and it's challenges.pdf
 
Uncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac FolorunsoUncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac Folorunso
 
Zone Chairperson Role and Responsibilities New updated.pptx
Zone Chairperson Role and Responsibilities New updated.pptxZone Chairperson Role and Responsibilities New updated.pptx
Zone Chairperson Role and Responsibilities New updated.pptx
 
Unlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven Curiosity
Unlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven CuriosityUnlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven Curiosity
Unlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven Curiosity
 
Digital collaboration with Microsoft 365 as extension of Drupal
Digital collaboration with Microsoft 365 as extension of DrupalDigital collaboration with Microsoft 365 as extension of Drupal
Digital collaboration with Microsoft 365 as extension of Drupal
 
Dreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video TreatmentDreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video Treatment
 
SOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdf
SOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdfSOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdf
SOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdf
 
Introduction to Artificial intelligence.
Introduction to Artificial intelligence.Introduction to Artificial intelligence.
Introduction to Artificial intelligence.
 

Create a Custom Plugin in Burp Suite using the Extension

  • 1. LAKSHMAN GARKINI Create a Custom Plugin in Burp Suite using the Extension Lakshman Garkini 29-01-2023 AMA, Ahmedabad
  • 2. LAKSHMAN GARKINI Introduction and Agenda ● Advantages of using this extension ● Block Diagram ● Requirements ● Server ● Implement Request & Response functions ● ServerHelper functions ● Demo 2
  • 3. LAKSHMAN GARKINI Advantages of using this extension ● It is capable of modifying the Request and Response on the fly ● For the creation of a Custom Plugin, you need to know either ○ Python ○ JavaScript 3
  • 5. LAKSHMAN GARKINI Requirements ● Server ○ Python3 ○ Pyro4 (pip3 install Pyro4) ○ NodeJS (Optional) ● Client ○ Jython Standalone Jar 5
  • 6. LAKSHMAN GARKINI Server ● To run the server on a custom host (192.168.0.109) ○ python3 burp_server.py –H 192.168.0.109 ● To run the server on a custom port (9090) ○ python3 burp_server.py –p 9090 6
  • 7. LAKSHMAN GARKINI Implement Request & Response functions Python / JS functions Parameter request 2 Parameters 1st Param: Request 2nd Param: Request Payload response 4 Parameters 1st Param: Request 2nd Param: Request Payload 3rd Param: Response 4th Param: Response Payload 7
  • 8. LAKSHMAN GARKINI ServerHelper functions Python / JS functions Parameter Description setQS 1 Parameter Request / Response (copy from burp suite extension) Sets the Request/Response for development getHeaders 1 Parameter Request / Response Returns HTTP request / response headers putHeader 3 Parameters 1st Param: Key 2nd Param: Value 3rd Param: Request / Response Puts header in the HTTP request / response getBody 1 Parameter Request / Response Returns HTTP request / response body appendResponsePayload 2 Parameters 1st Param: Payload 2nd Param: Response Append Payload to the HTTP response and returns appended HTTP response 8
  • 9. LAKSHMAN GARKINI DEMO ● Overview of Bank Web Application ● Coding of a Custom Plugin ○ Decryption of Request in JavaScript ○ Decryption of Response in Python ○ Encryption of Request in Python ○ Encryption of Response in Python ● Creation of a Custom Plugin in Burp Suite ● How to use Custom Plugin in ○ Repeater ○ Intruder ○ Intercept 9
  • 10. LAKSHMAN GARKINI Thank You Lakshman Garkini lakshman@net-square.com