[Java] How to make Burp Suite extensions

1 minute read

It is a post of (almost) daily Qiita article. It is quite difficult to write every day, so it may be better to put together URLs of information of interest on weekdays in the future…

For now, I’ve put together the information I looked into when I started writing extensions to the Burp Suite. I’ll omit how to install and use Burp.

This time, I have referred to the following.

How to make Burp extension

  1. Get the source for the interface from Burp and incorporate it into your extension. (“Extender” -> “APIs” -> “Save interface files”)
  2. Create a class named burp.BurpExtender as follows. -Package belongs to burp -Class name is BurpExtender -Implement interface IBurpExtender

  3. Write the code you want to actually execute in the registerExtenderCallbacks() method of the implemented IBurpExtender interface.

BurpExtender.java


package burp;

public class BurpExtender implements IBurpExtender {

    public void registerExtenderCallbacks(IBurpExtenderCallbacks iBurpExtenderCallbacks) {
        // write the code that will actually be executed here
    }
}

Some of the functions that can be created

  • I(Proxy|Http|Scanner)Listener API Get problems detected by HTTP communication such as Proxy and Scanner

  • IContextMenu~, IMenuItemHandler API Expanded right-click menu

  • IMessageEditor~ API Customize HTTP edit screen

  • IIntruderPayload~ API Payload generation for Intruder

For details of other functions, refer to the following.

Extension loading

  • Extender >Extensions >Add
  • Select the extension jar file you want to add from Select file…
  • If nothing is displayed in the Error tab, loading succeeds without any error

Notes

  • Burp UI seems to use Latin-1 (ISO8859-1). Garbled characters are troublesome…