Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/righettod/burp-piper-custom-scripts
Custom scripts for the PIPER Burp extensions.
https://github.com/righettod/burp-piper-custom-scripts
burpsuite pentesting piper web
Last synced: about 2 months ago
JSON representation
Custom scripts for the PIPER Burp extensions.
- Host: GitHub
- URL: https://github.com/righettod/burp-piper-custom-scripts
- Owner: righettod
- License: gpl-3.0
- Archived: true
- Created: 2020-11-26T13:57:33.000Z (about 4 years ago)
- Default Branch: main
- Last Pushed: 2023-09-24T06:37:08.000Z (over 1 year ago)
- Last Synced: 2024-08-05T17:37:27.116Z (5 months ago)
- Topics: burpsuite, pentesting, piper, web
- Language: Python
- Homepage:
- Size: 1.31 MB
- Stars: 97
- Watchers: 9
- Forks: 17
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - righettod/burp-piper-custom-scripts - Custom scripts for the PIPER Burp extensions. (Python)
README
> 🚨 Project was stopped to move to [Burp BCheck](https://portswigger.net/burp/documentation/scanner/bchecks) build-in feature.
![code_static_analysis_and_os_compatibility_tests](https://github.com/righettod/burp-piper-custom-scripts/workflows/code_static_analysis_and_os_compatibility_tests/badge.svg?branch=main)
# Objective
Centralize and share all my custom scripts to be used with the [PIPER](https://portswigger.net/bappstore/e4e0f6c4f0274754917dcb5f4937bb9e) Burp extension.
[Documentation](https://blog.silentsignal.eu/2020/03/27/unix-style-approach-to-web-application-testing/) of the extension.
# Runtime requirements
> :information_source: Reduced to the minimal ones needed, see file [requirements.txt](requirements.txt) for details.
Python >= **3.9** needed and in `PATH`.
```powershell
PS> python --version
Python 3.9.7
```# Compatibility tests
This [GitHub action workfow](.github/workflows/static_code_analysis.yml) validate that all scripts are compatible with Python `3.9`, `3.10` on `Windows`, `Mac` and `Linux` OS.
# Embedding of this collection of scripts into the PIPER source repository
This [topic](https://github.com/silentsignal/burp-piper/issues/8) is pending on the PIPER's author side. Once ready, this repository will be merged.
# IDE
[Visual Studio Code](https://code.visualstudio.com/) with [Python extension provided by Microsoft](https://marketplace.visualstudio.com/items?itemName=ms-python.python) is used to develop the scripts.
[Project workspace file](project.code-workspace) has been configured to trigger the installation of required code analysis modules and analysis profile is defined in the workspace settings area.
[Debug configuration](.vscode/launch.json) was provided to debug a python script.
# Structure
Each script describes its goal in its header, for which PIPER tools is targeted to be used and instruction regarding if HTTP headers must be passed as well as filter to define:
```text
"""
PIPER script to ...
Target tool: [PIPER_TOOL]
[INSTRUCTION_IF_HTTP_HEADERS_MUST_BE_PASSED]
[FILTER_NEEDED_TO_BE_DEFINED]
"""
```# Overview of the scripts behavior
## detect-non-standart-headers
Add a comment to the matching line in the proxy tab for every response containing non-standart HTTP headers.
![detect-non-standart-headers](images/detect-non-standart-headers.png)
## detect-request-to-web-api
Highlight the matching line in the proxy tab for every request that is made to a web api.
![detect-request-to-web-api](images/detect-request-to-web-api.png)
## extract-web-api-endpoints
Extract all API endpoints (*and URL like because it is hard to really identify if a URL is an API endpoint or not from a static point view*) from a JS script content obtained from a HTTP response.
![extract-web-api-endpoints](images/extract-web-api-endpoints.png)
## extract-html-metadatas
Extract interesting information from HTML META tags from a HTTP response. Mainly used to quickly identify which products/tools was used to build the site/application.
![extract-html-metadatas](images/extract-html-metadatas.png)
## detect-response-with-errors-disclosure
Detect HTTP responses containing a strack trace. Mainly used to quickly identify pages disclosing technical information via stack traces.
![detect-response-with-errors-disclosure](images/detect-response-with-errors-disclosure.png)
## extract-jwt-tokens
> :dart: This script was created in order to avoid the need to use another [extensions](https://portswigger.net/bappstore) or the [decoder](https://portswigger.net/burp/documentation/desktop/tools/decoder) to just see the content of the token.
Extract and pretty-display all [JWT](https://jwt.io/introduction) tokens present in an HTTP response.
![extract-jwt-tokens](images/extract-jwt-tokens.png)
## extract-blazor-webassembly-assemblies
> :dart: Just copy/paste the script section in a `ps1` / `sh` file and execute it to retrieve all the assemblies.
Extract the collection of assemblies from a HTTP response describing the assemblies used by a [Blazor WebAssembly](https://blazor-university.com/overview/blazor-hosting-models/) application.
A script to download all the assemblies, is generated in the same time:
* For Windows is PowerShell.
* For other is Bash.![extract-blazor-webassembly-assemblies](images/extract-blazor-webassembly-assemblies.png)
## extract-uuid-infos
> :clap: Inspired from this [project](https://github.com/silentsignal/burp-uuid) so, credits goes first to it!
Extract the collection of [UUID](https://en.wikipedia.org/wiki/Universally_unique_identifier) present in a HTTP response and then, depending on the version of UUID, extract the infos for each of them.
![extract-uuid-infos](images/extract-uuid-infos.png)
Sources:
* [How secure are your Universally Unique IDentifiers?](https://versprite.com/blog/universally-unique-identifiers/)
* [Not so unique snowflakes](https://blog.silentsignal.eu/2017/02/17/not-so-unique-snowflakes/).
* [UUID versions explained](https://www.uuidtools.com/uuid-versions-explained).
* [POC "Sandwich Attack: A New Way Of Brute Forcing UUIDs"](https://gist.github.com/righettod/45d59e1d8eb83fe351a9e9aafb37f91f).## extract-spa-unsafe-patterns
Extract all occurences of unsafe patterns used in a [Single Page Application](https://en.wikipedia.org/wiki/Single-page_application) (SPA) main JS bundle file.
The objective is to quickly spot if framework built-in security features are disabled or if unsafe code patterns are used in order to identify potential attack vectors on the client side.
![extract-spa-unsafe-patterns](images/extract-spa-unsafe-patterns.png)
## extract-spa-low-hanging-fruits
Extract elements from a [Single Page Application](https://en.wikipedia.org/wiki/Single-page_application) (SPA) html files and main JS bundles that can be interesting from security point of view.
The objective is to quickly spot interesting low-level issues than can used as foundation to discover more critical issues.
![extract-spa-low-hanging-fruits](images/extract-spa-low-hanging-fruits.png)
![extract-spa-low-hanging-fruits](images/extract-spa-low-hanging-fruits2.png)
## extract-saml-response-infos
> :dart: This script was created in order to avoid the need to use another [extensions](https://portswigger.net/bappstore) or the [decoder](https://portswigger.net/burp/documentation/desktop/tools/decoder) to just see the content of the SAML response.
Extract and pretty-display information from a [SAML response](https://auth0.com/blog/how-saml-authentication-works/) present in an HTTP response.
![extract-saml-response-infos](images/extract-saml-response-infos.png)
## extract-saml-request-infos
> :dart: This script was created in order to avoid the need to use another [extensions](https://portswigger.net/bappstore) or the [decoder](https://portswigger.net/burp/documentation/desktop/tools/decoder) to just see the content of the SAML request.
Extract and pretty-display information from a [SAML request](https://auth0.com/blog/how-saml-authentication-works/) present in an HTTP request.
![extract-saml-request-infos](images/extract-saml-request-infos.png)
# Configuration
> :warning: Change the script location path defined in **prefix** field for all custom scripts **before** to import the configuration.
> After the import, do not forget to enable the scripts because they are all disabled by default by the import command.
> For **Highlighters**, the color can be changed before the import by changing the **color** field to one constants supported by PIPER/BURP.
The file [piper-config.yaml](piper-config.yaml) contains the complete configuration that I use for all my custom scripts.