{"id":13636297,"url":"https://github.com/silentsignal/burp-piper","last_synced_at":"2026-01-21T04:04:21.939Z","repository":{"id":37738278,"uuid":"162301143","full_name":"silentsignal/burp-piper","owner":"silentsignal","description":"Piper Burp Suite Extender plugin","archived":false,"fork":false,"pushed_at":"2026-01-14T14:34:23.000Z","size":512,"stargazers_count":127,"open_issues_count":9,"forks_count":15,"subscribers_count":10,"default_branch":"master","last_synced_at":"2026-01-14T18:12:51.821Z","etag":null,"topics":["burp-extensions","burp-plugin","burpsuite-extender"],"latest_commit_sha":null,"homepage":"https://blog.silentsignal.eu/2020/03/27/unix-style-approach-to-web-application-testing/","language":"Kotlin","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/silentsignal.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-12-18T14:33:57.000Z","updated_at":"2026-01-14T14:34:28.000Z","dependencies_parsed_at":"2024-02-29T12:19:32.186Z","dependency_job_id":"4bf7aca1-4b38-4617-9c2e-1a783cd1e560","html_url":"https://github.com/silentsignal/burp-piper","commit_stats":null,"previous_names":[],"tags_count":14,"template":false,"template_full_name":null,"purl":"pkg:github/silentsignal/burp-piper","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/silentsignal%2Fburp-piper","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/silentsignal%2Fburp-piper/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/silentsignal%2Fburp-piper/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/silentsignal%2Fburp-piper/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/silentsignal","download_url":"https://codeload.github.com/silentsignal/burp-piper/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/silentsignal%2Fburp-piper/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28625926,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-21T02:47:06.670Z","status":"ssl_error","status_checked_at":"2026-01-21T02:45:44.886Z","response_time":86,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["burp-extensions","burp-plugin","burpsuite-extender"],"created_at":"2024-08-02T00:00:59.606Z","updated_at":"2026-01-21T04:04:21.925Z","avatar_url":"https://github.com/silentsignal.png","language":"Kotlin","funding_links":[],"categories":["Custom Features","Weapons"],"sub_categories":["Burpsuite, Caido and ZAP Addons"],"readme":"Piper for Burp Suite\n====================\n\nPiper integrates external tools and their pipelines to Burp Suite. The \nextension can pass HTTP requests and responses from Burp to external programs, \nthen feed the execution result back to Burp. With Piper you can create:\n\n* **Commentators**: Display the output of an external program in Proxy History \nas comments. For example, you can display the cryptographic hash of every \nrequest by piping their content to `sha256sum`.\n* **Highlighters**: Highlight items in the proxy history based on their \ncontents. For example, you can highlight items where HTTP response includes \nelements of a wordlist. \n* **Message Viewers**: Display the contents of HTTP messages with custom \nformatting. For example, you can display Protobuf structures by piping message \ncontents to `protoc`.\n* **Context Menu Items**: Invoke external tools from context menu. For example, \nyou can use an external diff GUI to compare HTTP messages. \n* **Intruder Payload Generators**: Generate payloads for Intruder with external \ntools. For example, you can make Intruder use password candidates generated by \nJohn the Ripper.\n* **Intruder Payload Processors**: Transform Intruder payloads. For example, you \ncan apply base64 encoding with a custom alphabet using an external script. \n* **Macros**: You can use external tools as part of Macros. For example, you \ncan automatically generate predictable CSRF tokens for every outgoing request.\n* **HTTP Listeners**: Transform outgoing and incoming HTTP messages. For \nexample, you can use an external Python script to handle custom encryption.\n\nDetailed usage information is provided in the original [GWAPT Gold \nPaper](https://www.sans.org/white-papers/39440/), and in [this demonstration \nvideo](https://vimeo.com/401007109).\n\nBuilding\n--------\n\nExecute `./gradlew shadowJar` and you'll have the plugin ready in\n`build/libs/burp-piper.jar`\n\nKnown issues\n------------\n\n - The terminal emulator ignores background color when _Look and feel_ is set\n   to _Nimbus_, see https://bugs.openjdk.java.net/browse/JDK-8058704\n\nSecurity\n--------\n\nPiper configurations can be exported and imported. As configurations define \ncommands to be executed on the user's machine, importing malicious \nconfigurations is a security risk. \n\nPiper disables configurations loaded via the GUI to prevent exploitation, and \nunexpected behavior (e.g.: modification of HTTP messages). To support \nautomation, Piper enables configurations loaded via the `PIPER_CONFIG` \nenvironment variable, so extra care must be taken in this use case. \n\nUsers should always review configurations before importing or enabling them. \n\nLicense\n-------\n\nThe whole project is available under the GNU General Public License v3.0,\nsee `LICENSE.md`. The [swing-terminal component][1] was developed by\n@redpois0n, released under this same license.\n\n[1]: https://github.com/redpois0n/swing-terminal\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsilentsignal%2Fburp-piper","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsilentsignal%2Fburp-piper","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsilentsignal%2Fburp-piper/lists"}