Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/honoki/bbrf-burp-plugin

A BurpSuite plugin for BBRF
https://github.com/honoki/bbrf-burp-plugin

Last synced: 2 months ago
JSON representation

A BurpSuite plugin for BBRF

Host: GitHub
URL: https://github.com/honoki/bbrf-burp-plugin
Owner: honoki
Created: 2021-01-14T09:51:37.000Z (about 4 years ago)
Default Branch: main
Last Pushed: 2024-11-17T19:54:46.000Z (2 months ago)
Last Synced: 2024-11-17T20:48:24.650Z (2 months ago)
Language: Java
Size: 1.35 MB
Stars: 24
Watchers: 1
Forks: 8
Open Issues: 3
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

awesome-burp-extensions - bbrf-burp-plugin - Extension for Bug Bounty Reconnaissance Framework (Tool Integration / SSRF)

README

        [![Mastodon](https://img.shields.io/mastodon/follow/110779442452085429?domain=https%3A%2F%2Finfosec.exchange&style=flat-square&logo=mastodon&logoColor=fff)](https://infosec.exchange/@honoki)

[![BlueSky](https://img.shields.io/badge/@honoki.net-0285FA?logo=bluesky&logoColor=fff&style=flat-square)](https://bsky.app/profile/honoki.net)

## What's BBRF?

The Bug Bounty Reconnaissance Framework (BBRF) is intended to facilitate the workflows of security researchers across multiple devices.

  

For more information about BBRF, read the blog post on https://honoki.net/2020/10/08/introducing-bbrf-yet-another-bug-bounty-reconnaissance-framework/

## What's the plugin for?

The Burp plugin enables easy integration of your daily testing in Burp Suite with your personal BBRF server.

![screenshot1](docs/burp-bbrf-screenshot-1.png)

### Features

* Specify the program name in the BBRF tab in Burp Suite;

* Verify the installation works by clicking the "Verify" button - if the configuration works, you should see the `inscope` of your program appear in the text field below.

* Automatically (passive) scan all HTTP responses for possible subdomains and send them to the BBRF client which will automatically weed out the inscope or outscope domains and send them to your server;

* Select and right-click a number of domains or urls and use the menu item "Send to BBRF" to store them in your database;

* Use the "Copy scope" button to fetch the inscope and outscope from BBRF and load it into Burp's target scope.

    ![screenshot2](docs/burp-bbrf-screenshot-2.png)

## Troubleshooting

This extention assumes you have the [bbrf client](https://github.com/honoki/bbrf-client) installed on your system:

* `pip3 install bbrf`

Everything that is sent to BBRF is matched against the defined scope of the program, so ensure you have configured your inscope and outscope according to your preferences and the program rules.

## See also

* [BBRF Client](https://github.com/honoki/bbrf-client)

* [BBRF Server](https://github.com/honoki/bbrf-server)

* [BBRF Dashboard](https://github.com/honoki/bbrf-dashboard)