Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/0xd0ug/burpExtensions-clipboardRepeater
https://github.com/0xd0ug/burpExtensions-clipboardRepeater
Last synced: 25 days ago
JSON representation
- Host: GitHub
- URL: https://github.com/0xd0ug/burpExtensions-clipboardRepeater
- Owner: 0xd0ug
- License: bsd-3-clause
- Created: 2021-01-11T17:57:53.000Z (almost 4 years ago)
- Default Branch: main
- Last Pushed: 2021-01-16T02:36:30.000Z (almost 4 years ago)
- Last Synced: 2024-08-04T00:04:19.986Z (4 months ago)
- Language: Java
- Size: 305 KB
- Stars: 4
- Watchers: 3
- Forks: 5
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-burp-extensions - RepeaterClips - The RepeaterClips extension lets you share requests with just two clicks and a paste. (Custom Features)
README
# RepeaterClips
The RepeaterClips extension lets you share requests with just two clicks and a paste.
By converting any Burp request into a compressed Base64 string, it can be easily shared over IM or email without fear of autocorrect or autoformatting corrupting the request. There's no need for sender or receiver to have a browser open, and the built-in compression allows even large requests to be sent with relative ease.
## How it works
Once RepeaterClips successfully loads, it creates two new items in Burp's context menu for requests. The first, **Copy RepeaterClip**, reads the protocol (http or https), host address, port number, and text from the current request; consolidates it into a JSON string; compresses the string; encodes it with Base64, and copies it to your system clipboard. The second menu item, **Paste RepeaterClip to Repeater**, creates a new Repeater tab and generates a request based on a RepeaterClip you previously copied to the clipboard.
To share a request with a colleague, just choose the **Copy RepeaterClip** option, transition to your favorite email or IM client, and paste the clipboard into a message to send. Your colleague will then copy the Base64 text string you pasted, transition to Burp, and then choose **Paste RepeaterClip to Repeater**. They will then see a new Repeater tab with a request identical to the one on your system. If they identify a new attack vector and want to send their modified request back to you, they simply reverse the process.
## Important Considerations
Requests can contain session cookies or even encoded or cleartext passwords in headers or parameters. **_RepeaterClips does not encrypt any data._** Though each RepeaterClip appears obfuscated, it is just compressed and encoded with Base64 using standard libraries. If sensitive data is contained in the request, you'll need to take appropriate steps to protect it yourself.
If for some reason, the extension cannot convert your request, the clipboard will not change. Make sure you verify the contents (perhaps by choosing the **Paste RepeaterClip to Repeater** option) before you paste something you didn't intend to paste and send it to a colleague by mistake.
Likewise, RepeaterClips doesn't verify the integrity of requests or check them for malicious content. Be sure you trust your source and the integrity of your messaging channel prior to sending a request from Burp generated by a RepeaterClip.
## Building
You can build RepeaterClips with maven. I also built a jar with dependencies and included it in the Target directory. This jar worked on both Windows and Mac for me.
## Final Thoughts
There are many great extensions in the BApp store, some of which are designed to aid in collaboration. I created RepeaterClips because my colleagues and I needed a quick way to send requests to each other, and because the compression and quick copy-paste method worked best for us. I encourage you to check out other great extensions and use the one that works best for you. And if you have any ideas to improve RepeaterClips, please create an Issue here or tweet at me @0xd0ug on Twitter. I don't have a lot of time to spend on development, but I'll do what I can. Thanks!