Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/PentHertz/5GC_API_parse

A BurpSuite extension to parse 5GC NF OpenAPI 3.0 files to assess 5G core networks
https://github.com/PentHertz/5GC_API_parse

Last synced: 24 days ago
JSON representation

A BurpSuite extension to parse 5GC NF OpenAPI 3.0 files to assess 5G core networks

Host: GitHub
URL: https://github.com/PentHertz/5GC_API_parse
Owner: PentHertz
License: gpl-3.0
Created: 2021-07-18T09:17:01.000Z (over 3 years ago)
Default Branch: main
Last Pushed: 2021-07-22T10:18:28.000Z (over 3 years ago)
Last Synced: 2024-08-05T00:06:43.805Z (4 months ago)
Language: Python
Size: 514 KB
Stars: 72
Watchers: 4
Forks: 21
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-burp-extensions - 5GC_API_parse - 5GC API parse is a BurpSuite extension allowing to assess 5G core network functions, by parsing the OpenAPI 3.0 not supported by previous OpenAPI extension in Burp, and generating requests for intrusion tests purposes. (Web Services / SSRF)
awesome-hacking-lists - PentHertz/5GC_API_parse - A BurpSuite extension to parse 5GC NF OpenAPI 3.0 files to assess 5G core networks (Python)

README

# 5GC_API_parse

## Description

5GC API parse is a BurpSuite extension allowing to assess 5G core network functions, by parsing the OpenAPI 3.0 not supported by previous OpenAPI extension in Burp, and generating requests for intrusion tests purposes.

![Burp extension's tab](https://raw.githubusercontent.com/PentHertz/5GC_API_parse/main/images/first.png)

## Installation

### Jython installation (required)

- Download Jython 2.7.x Installer Jar from [https://www.jython.org/download]()
- Install Jython by default:

```bash
java -jar jython-installer-2.7.2.jar
```
- Download PyYAML from [https://github.com/yaml/pyyaml]()
- Install PyYAML:

```bash
./jython PyYAML-5.4.1/setup.py install
```
- Open Burp on Extender / Options
- In Python Environment, set the location of the Jython JAR to the installed one

### 5GC API parse

- Set Extension file to `/5GC_API_parse.py`
- Click `Next`
- The addon is now installed, a new tab named `5GC API parse` should appear

## Usage

Just provide a target address with URL scheme, a port number and a OpenAPI 3.0 file you want to process and voilà:

![Burp extension's tab](https://github.com/PentHertz/5GC_API_parse/blob/main/images/parsedfile.png)

You are ready to use it in the repeater, intruder to fuzz, etc.

Quick demo:

https://user-images.githubusercontent.com/715195/126624333-6c4260e8-361e-4a57-b9b1-0e3c297467f7.mp4

## Change log

- 1.2 (07/20/2021): Core reorganization + adding Swagger browsing for associated YAML files and a clear-all button
- 1.1 (07/20/2021): Fixing errors in headers and adapting default values to actual 5G core
- 1.0 (05/20/2021): Initial release