{"id":13636374,"url":"https://github.com/anvilsecure/aws-sigv4","last_synced_at":"2025-04-10T16:07:12.873Z","repository":{"id":39963414,"uuid":"180461640","full_name":"anvilsecure/aws-sigv4","owner":"anvilsecure","description":"Anvil Secure's Burp extension for signing AWS requests with SigV4","archived":false,"fork":false,"pushed_at":"2023-11-08T22:44:44.000Z","size":812,"stargazers_count":21,"open_issues_count":4,"forks_count":12,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-08-04T00:04:54.234Z","etag":null,"topics":["aws","aws-sigv4","burp","burp-extensions","signing","sigv4"],"latest_commit_sha":null,"homepage":"https://anvilsecure.com","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"0bsd","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/anvilsecure.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-04-09T22:56:35.000Z","updated_at":"2024-06-25T15:02:31.000Z","dependencies_parsed_at":"2023-11-08T23:36:08.782Z","dependency_job_id":"7ac75fe1-e9d4-4698-b92c-5d169ee7af1e","html_url":"https://github.com/anvilsecure/aws-sigv4","commit_stats":null,"previous_names":["anvilventures/aws-sigv4"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anvilsecure%2Faws-sigv4","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anvilsecure%2Faws-sigv4/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anvilsecure%2Faws-sigv4/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/anvilsecure%2Faws-sigv4/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/anvilsecure","download_url":"https://codeload.github.com/anvilsecure/aws-sigv4/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248250743,"owners_count":21072682,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-sigv4","burp","burp-extensions","signing","sigv4"],"created_at":"2024-08-02T00:01:00.574Z","updated_at":"2025-04-10T16:07:12.841Z","avatar_url":"https://github.com/anvilsecure.png","language":"Java","funding_links":[],"categories":["Cloud Security"],"sub_categories":[],"readme":"# AWS SigV4\nThis is a Burp extension for signing AWS requests with SigV4. Signature Version 4 is a process to add\nauthentication information to AWS HTTP requests. More information can be found here:\nhttps://docs.aws.amazon.com/general/latest/gr/signature-version-4.html\n\nSigV4 uses a timestamp to give signatures a limited lifetime. When using tools like Burp repeater,\nthis plugin will automatically compute a new signature with the current timestamp. You can also\nrepeat requests using different AWS credentials.\n\n## Features\n- Credentials can be imported from a file or environment variables.\n- Automatically select a profile based on the key id in the request.\n- Resend requests with different credentials.\n- Context menu item for copying s3 presigned URLs.\n- Assume a role by providing a role ARN and optional external ID\n\n\n## Build Instructions\nThis assumes gradle is installed properly as well as a Java Development Kit.\n\n```\n$ ./gradlew bigJar\n\u003e Task :compileJava\n\nBUILD SUCCESSFUL in 1s\n2 actionable task: 2 executed\n$ \n```\n\nThat will result in a newly created `build/libs` directory with a single JAR\ncontaining all the dependencies named `aws-sigv4-\u003cversion\u003e-all.jar`. This JAR can be\nloaded into Burp using the Extender tab.\n\nLoading the project up in IntelliJ IDEA should also make it easy to build the\nsource.\n\n\n## Usage\nHit the \"Import\" button to open the credential import dialog. From there, you can choose a\nfile to import or select the \"Auto\" button to check default file locations and\nthe environment for credentials. See https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html#cli-configure-files-where\nfor expected file format. You can also manually add credentials by clicking \"Add\" in the main tab.\nIn addition to the credentials file, the plugin will also check if the profile exists in the config\nfile and it will pull in parameters from there.\n\nAt a minimum, a profile should contain a name and at least 1 credential provider. Outgoing requests\nwill be signed with the profile whose keyId matches the accessKeyId in the original request. If\nthe accessKeyId is not recognized, the message will be sent unmodified. Alternatively, a\n\"Default Profile\" can be set which will be used to sign all outgoing requests regardless\nof the original accessKeyId. The plugin will also look for the \"X-BurpSigV4-Profile\" HTTP header\nfor a profile name to use, with highest priority.\n\nRegion and service should almost always be left blank. This will ensure the region and\nservice in the original request are used which is desired in most cases. If your credential\nor config file contains a region for a named profile, that will be used.\n\nProfiles will be saved in the Burp settings store, including AWS keys, if \"Persist Profiles\"\nis checked. You can also \"Export\" credentials to a file for importing later or for use\nwith the aws cli.\n\n### Credentials\n\nConfigure profiles to obtain credentials in any of the following ways.\n\n**Static Credentials**\n\nPermanent credentials issued by IAM or temporary credentials with a session token can be\nentered here.\n\n**AssumeRole**\n\nIAM roles can be assumed by entering a roleArn. Authorized credentials for calling sts:AssumeRole\nshould be entered in the \"Credentials\" form for assuming the specified role.\n\n**HttpGet**\n\nIf you are retrieving credentials in some other manner, you can serve them over HTTP and\nconfigure this form with the URL. An HTTP GET request will be issued to the URL and responses\nwill be expected in 1 of 2 formats:\n\n```json\n{\n    \"AccessKeyId\": \"\u003cstring\u003e\",\n    \"SecretAccessKey\": \"\u003cstring\u003e\"\n}\n```\n\nor\n\n```json\n{\n    \"AccessKeyId\": \"\u003cstring\u003e\",\n    \"SecretAccessKey\": \"\u003cstring\u003e\",\n    \"SessionToken\": \"\u003cstring\u003e\",\n    \"Expiration\": \"\u003cint\u003e\"\n}\n```\n\nPermanent credentials (no \"SessionToken\") will be fetched every time they are used. Temporary credentials\nwill only be fetched when they are nearing expiration. Expiration should be specified in epoch seconds or\nas an ISO 8601 timestamp.\n\n**AWS Profile**\n\nFetch credentials from the files used by the AWS CLI ([docs](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html)).\n\n### Environment\nhttps://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html\n\nThe following environment variables are recognized:\n- AWS_ACCESS_KEY_ID\n- AWS_SECRET_ACCESS_KEY\n- AWS_SESSION_TOKEN\n- AWS_DEFAULT_REGION\n- AWS_CONFIG_FILE\n- AWS_SHARED_CREDENTIALS_FILE\n\nIf using the aws cli, set AWS_CA_BUNDLE to the path of your burp certificate (in PEM format).\n\n## Screenshots\n\nUI tab\n\n![UI](docs/screenshots/ui-example.png)\n\nImporting profiles\n\n![Importing Profiles](docs/screenshots/import-profiles.png)\n\nEditing a profile\n\n![Importing Profiles](docs/screenshots/profile-editor.png)\n\n## Development\n\nEnable debug output for the aws sdk by adding the following property at the command line:\n\n```\n-Dorg.slf4j.simpleLogger.defaultLogLevel=trace\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fanvilsecure%2Faws-sigv4","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fanvilsecure%2Faws-sigv4","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fanvilsecure%2Faws-sigv4/lists"}