Skip to content

Commit 2163cca

Browse files
author
Gabriel Caudrelier
committed
initial commit
1 parent dcfbd02 commit 2163cca

File tree

5 files changed

+1178
-1
lines changed

5 files changed

+1178
-1
lines changed

.gitignore

+107
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,107 @@
1+
*.o
2+
*.so
3+
*~
4+
Makefile*
5+
build/*
6+
bin/*
7+
lib/*
8+
*.so*
9+
*.jar
10+
*.jardesc
11+
.classpath
12+
.project
13+
.settings/*
14+
/bin/
15+
/bin/
16+
/bin/
17+
/bin/
18+
/bin/
19+
/bin/
20+
/bin/
21+
/bin/
22+
/bin/
23+
/bin/
24+
/bin/
25+
/bin/
26+
/bin/
27+
/bin/
28+
/bin/
29+
/bin/
30+
/bin/
31+
/bin/
32+
/bin/
33+
/bin/
34+
/bin/
35+
/bin/
36+
/bin/
37+
/bin/
38+
/bin/
39+
/bin/
40+
/bin/
41+
/bin/
42+
/bin/
43+
/bin/
44+
/bin/
45+
/bin/
46+
/bin/
47+
/bin/
48+
/bin/
49+
/bin/
50+
/bin/
51+
/bin/
52+
/bin/
53+
/bin/
54+
/bin/
55+
/bin/
56+
/bin/
57+
/bin/
58+
/bin/
59+
/bin/
60+
/bin/
61+
/bin/
62+
/bin/
63+
/bin/
64+
/bin/
65+
/bin/
66+
/bin/
67+
/bin/
68+
/bin/
69+
/bin/
70+
/bin/
71+
/bin/
72+
/bin/
73+
/bin/
74+
/bin/
75+
/bin/
76+
/bin/
77+
/bin/
78+
/bin/
79+
/bin/
80+
/bin/
81+
/bin/
82+
/bin/
83+
/bin/
84+
/bin/
85+
/bin/
86+
/bin/
87+
/bin/
88+
/bin/
89+
/bin/
90+
/bin/
91+
/bin/
92+
/bin/
93+
/bin/
94+
/bin/
95+
/bin/
96+
/bin/
97+
/bin/
98+
/bin/
99+
/bin/
100+
/bin/
101+
/bin/
102+
/bin/
103+
/bin/
104+
/bin/
105+
/bin/
106+
/bin/
107+
/bin/

README.md

+31-1
Original file line numberDiff line numberDiff line change
@@ -1 +1,31 @@
1-
# extractparam
1+
ExtractParam Burp plugin
2+
========
3+
4+
# Usage
5+
* right click in a request/response panel
6+
* select "extract param values"
7+
8+
Note: highlighting the parameter will populate the field value automatically
9+
10+
## description
11+
This plugin will extract all the values of the given parameter name within the Burp proxy logs.
12+
Currently looks into:
13+
14+
* HTTP headers
15+
* Requests parameters as parsed by Burp (includes GET/POST usual params, cookies, JSon)
16+
* HTML attributes (i.e. name="[param name]" value="[param value]")
17+
* Scripts variable assignement (i.e. param="value")
18+
19+
It creates a consolidated table of all uniques values and their occurences count.
20+
It is possible to export the values list, or the URLs where those value were found or the list of Burp proxy ids for the requests/responses
21+
22+
It also includes some exclusions filters, such as urls in scope, response/requests only, or Content-Type based.
23+
24+
> Released under AGPL see LICENSE for more information
25+
26+
## Build requirements
27+
28+
* Eclipse IDE
29+
* Burp official application jar file (to be added in the classpath)
30+
31+

src/burp/BurpExtender.java

+50
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,50 @@
1+
/**
2+
* Released as open source by iSec Partners / NCC Group
3+
* https://www.isecpartners.com/ - http://www.nccgroup.com/
4+
*
5+
* Developed by Gabriel Caudrelier, gabriel dot caudrelier at isecpartners dot com
6+
*
7+
* https://github.com/iSECPartners/extractparam
8+
*
9+
* Released under GPL see LICENSE for more information
10+
* */
11+
12+
package burp;
13+
14+
import java.io.PrintWriter;
15+
16+
public class BurpExtender implements IBurpExtender {
17+
18+
private static IBurpExtenderCallbacks burp;
19+
private static PrintWriter errOut;
20+
private static PrintWriter stdOut;
21+
private static final String VERSION = "1.0";
22+
23+
public BurpExtender() {
24+
25+
}
26+
27+
@Override
28+
public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
29+
errOut = new PrintWriter(callbacks.getStderr());
30+
stdOut = new PrintWriter(callbacks.getStdout());
31+
32+
callbacks.registerContextMenuFactory(new ExtractParamContextMenu(callbacks));
33+
callbacks.setExtensionName("Extract parameter v" + VERSION );
34+
burp = callbacks;
35+
}
36+
37+
public static final void alert(String message) {
38+
burp.issueAlert(message);
39+
stdOut.println(message);
40+
}
41+
42+
public static final void error(String message) {
43+
burp.issueAlert(message);
44+
errOut.println(message);
45+
}
46+
47+
public static final void message (String message) {
48+
stdOut.println(message);
49+
}
50+
}

src/burp/ExtractParamContextMenu.java

+105
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,105 @@
1+
/**
2+
* Released as open source by iSec Partners / NCC Group
3+
* https://www.isecpartners.com/ - http://www.nccgroup.com/
4+
*
5+
* Developed by Gabriel Caudrelier, gabriel dot caudrelier at isecpartners dot com
6+
*
7+
* https://github.com/iSECPartners/extractparam
8+
*
9+
* Released under GPL see LICENSE for more information
10+
* */
11+
12+
package burp;
13+
14+
import java.awt.event.ActionEvent;
15+
import java.util.ArrayList;
16+
import java.util.Arrays;
17+
import java.util.List;
18+
19+
import javax.swing.AbstractAction;
20+
import javax.swing.JMenuItem;
21+
22+
public class ExtractParamContextMenu implements IContextMenuFactory {
23+
24+
private ArrayList<JMenuItem> itemList;
25+
private IBurpExtenderCallbacks callbacks;
26+
27+
public ExtractParamContextMenu(IBurpExtenderCallbacks mcallbacks) {
28+
callbacks = mcallbacks;
29+
itemList = new ArrayList<JMenuItem>();
30+
}
31+
32+
@Override
33+
public List<JMenuItem> createMenuItems(IContextMenuInvocation arg0) {
34+
itemList.clear();
35+
int tool = arg0.getToolFlag();
36+
if (tool == IBurpExtenderCallbacks.TOOL_INTRUDER ||
37+
tool == IBurpExtenderCallbacks.TOOL_PROXY ||
38+
tool == IBurpExtenderCallbacks.TOOL_REPEATER ||
39+
tool == IBurpExtenderCallbacks.TOOL_TARGET ||
40+
tool == IBurpExtenderCallbacks.TOOL_COMPARER) {
41+
42+
itemList.add(new JMenuItem(new SearchParamAction(callbacks, arg0)));
43+
return itemList;
44+
} else {
45+
System.out.println(" ==> Unmanaged tool " + String.valueOf(tool));
46+
}
47+
48+
return null;
49+
50+
}
51+
52+
class SearchParamAction extends AbstractAction {
53+
54+
private static final long serialVersionUID = -6030591110872316798L;
55+
private int[] selection;
56+
private byte[] data;
57+
private boolean request;
58+
private ExtractParamDialog paramDialog;
59+
private IContextMenuInvocation contextMenu;
60+
private IBurpExtenderCallbacks callbacks;
61+
62+
public SearchParamAction(IBurpExtenderCallbacks mcallbacks, IContextMenuInvocation mContextMenu) {
63+
super("Extract param values");
64+
callbacks = mcallbacks;
65+
putValue(SHORT_DESCRIPTION, "Extract all the values of the given parameter from the proxy logs");
66+
contextMenu = mContextMenu;
67+
}
68+
69+
@Override
70+
public void actionPerformed(ActionEvent e) {
71+
String sdata = new String();
72+
byte contextInv = contextMenu.getInvocationContext();
73+
request = contextInv == IContextMenuInvocation.CONTEXT_MESSAGE_EDITOR_REQUEST ||
74+
contextInv == IContextMenuInvocation.CONTEXT_MESSAGE_VIEWER_REQUEST ||
75+
contextInv == IContextMenuInvocation.CONTEXT_INTRUDER_PAYLOAD_POSITIONS;
76+
77+
IHttpRequestResponse[] messages = contextMenu.getSelectedMessages();
78+
79+
if (messages != null && messages.length > 0) {
80+
if (request) {
81+
data = messages[0].getRequest();
82+
}
83+
else {
84+
data = messages[0].getResponse();
85+
}
86+
87+
if (data != null) {
88+
selection = contextMenu.getSelectionBounds();
89+
if (selection[0] != selection[1]) {
90+
sdata = callbacks.getHelpers().bytesToString(Arrays.copyOfRange(data,selection[0], selection[1]));
91+
} else {
92+
sdata = callbacks.getHelpers().bytesToString(data);
93+
}
94+
} else {
95+
System.out.println("Data is null");
96+
}
97+
}
98+
paramDialog = new ExtractParamDialog(callbacks, sdata);
99+
paramDialog.setTitle("Extracting parameters/fields");
100+
paramDialog.pack();
101+
paramDialog.setLocationRelativeTo(null);
102+
paramDialog.setVisible(true);
103+
}
104+
}
105+
}

0 commit comments

Comments
 (0)