├── java ├── .gitignore ├── settings.gradle ├── build.gradle └── BurpExtender.java ├── README.md ├── ruby └── EventListeners.rb └── python └── EventListeners.py /java/.gitignore: -------------------------------------------------------------------------------- 1 | .gradle/ 2 | build/ 3 | -------------------------------------------------------------------------------- /java/settings.gradle: -------------------------------------------------------------------------------- 1 | rootProject.name = 'EventListeners' 2 | -------------------------------------------------------------------------------- /java/build.gradle: -------------------------------------------------------------------------------- 1 | apply plugin: 'java' 2 | 3 | repositories { 4 | mavenCentral() 5 | } 6 | 7 | dependencies { 8 | compile 'net.portswigger.burp.extender:burp-extender-api:1.7.13' 9 | } 10 | 11 | sourceSets { 12 | main { 13 | java { 14 | srcDir '.' 15 | } 16 | } 17 | } 18 | 19 | task fatJar(type: Jar) { 20 | baseName = project.name + '-all' 21 | from { configurations.compile.collect { it.isDirectory() ? it : zipTree(it) } } 22 | with jar 23 | } 24 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Sample Burp Suite extension: event listeners 2 | 3 | This extension demonstrates how to register listeners for various runtime 4 | events: 5 | - HTTP requests and responses for all Burp tools. 6 | - HTTP messages intercepted by the Proxy. 7 | - Addition of new scan issues. 8 | - The extension being unloaded by the user. 9 | 10 | The sample extension simply prints a message to its output stream when an event 11 | occurs. 12 | 13 | Registering an extension state listener is particularly important for any 14 | extension that starts background threads or opens system resources (such as 15 | files or database connections). The extension should listen for itself being 16 | unloaded by the user, and should terminate any background threads or close any 17 | open resources when this event occurs. This good practice enables the user to 18 | fully unload the extension via the Burp UI. 19 | 20 | This repository includes source code for Java, Python and Ruby. 21 | -------------------------------------------------------------------------------- /ruby/EventListeners.rb: -------------------------------------------------------------------------------- 1 | require 'java' 2 | java_import 'burp.IBurpExtender' 3 | java_import 'burp.IHttpListener' 4 | java_import 'burp.IProxyListener' 5 | java_import 'burp.IScannerListener' 6 | java_import 'burp.IExtensionStateListener' 7 | 8 | class BurpExtender 9 | include IBurpExtender, IHttpListener, IProxyListener, IScannerListener, IExtensionStateListener 10 | 11 | # 12 | # implement IBurpExtender 13 | # 14 | 15 | def registerExtenderCallbacks(callbacks) 16 | # keep a reference to our callbacks object 17 | @callbacks = callbacks 18 | 19 | # set our extension name 20 | callbacks.setExtensionName "Event listeners" 21 | 22 | # obtain our output stream 23 | @stdout = java.io.PrintWriter.new callbacks.getStdout, true 24 | 25 | # register ourselves as an HTTP listener 26 | callbacks.registerHttpListener self 27 | 28 | # register ourselves as a Proxy listener 29 | callbacks.registerProxyListener self 30 | 31 | # register ourselves as a Scanner listener 32 | callbacks.registerScannerListener self 33 | 34 | # register ourselves as an extension state listener 35 | callbacks.registerExtensionStateListener self 36 | end 37 | 38 | # 39 | # implement IHttpListener 40 | # 41 | 42 | def processHttpMessage(toolFlag, messageIsRequest, messageInfo) 43 | @stdout.println( 44 | (messageIsRequest ? "HTTP request to " : "HTTP response from ") + 45 | messageInfo.getHttpService.toString + 46 | " [" + @callbacks.getToolName(toolFlag) + "]") 47 | end 48 | 49 | # 50 | # implement IProxyListener 51 | # 52 | 53 | def processProxyMessage(messageIsRequest, message) 54 | @stdout.println( 55 | (messageIsRequest ? "Proxy request to " : "Proxy response from ") + 56 | message.getMessageInfo.getHttpService.toString) 57 | end 58 | 59 | # 60 | # implement IScannerListener 61 | # 62 | 63 | def newScanIssue(issue) 64 | @stdout.println "New scan issue: #{issue.getIssueName}" 65 | end 66 | 67 | # 68 | # implement IExtensionStateListener 69 | # 70 | 71 | def extensionUnloaded() 72 | @stdout.println "Extension was unloaded" 73 | end 74 | end 75 | -------------------------------------------------------------------------------- /python/EventListeners.py: -------------------------------------------------------------------------------- 1 | from burp import IBurpExtender 2 | from burp import IHttpListener 3 | from burp import IProxyListener 4 | from burp import IScannerListener 5 | from burp import IExtensionStateListener 6 | from java.io import PrintWriter 7 | 8 | class BurpExtender(IBurpExtender, IHttpListener, IProxyListener, IScannerListener, IExtensionStateListener): 9 | 10 | # 11 | # implement IBurpExtender 12 | # 13 | 14 | def registerExtenderCallbacks(self, callbacks): 15 | # keep a reference to our callbacks object 16 | self._callbacks = callbacks 17 | 18 | # set our extension name 19 | callbacks.setExtensionName("Event listeners") 20 | 21 | # obtain our output stream 22 | self._stdout = PrintWriter(callbacks.getStdout(), True) 23 | 24 | # register ourselves as an HTTP listener 25 | callbacks.registerHttpListener(self) 26 | 27 | # register ourselves as a Proxy listener 28 | callbacks.registerProxyListener(self) 29 | 30 | # register ourselves as a Scanner listener 31 | callbacks.registerScannerListener(self) 32 | 33 | # register ourselves as an extension state listener 34 | callbacks.registerExtensionStateListener(self) 35 | 36 | # 37 | # implement IHttpListener 38 | # 39 | 40 | def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo): 41 | self._stdout.println( 42 | ("HTTP request to " if messageIsRequest else "HTTP response from ") + 43 | messageInfo.getHttpService().toString() + 44 | " [" + self._callbacks.getToolName(toolFlag) + "]") 45 | 46 | # 47 | # implement IProxyListener 48 | # 49 | 50 | def processProxyMessage(self, messageIsRequest, message): 51 | self._stdout.println( 52 | ("Proxy request to " if messageIsRequest else "Proxy response from ") + 53 | message.getMessageInfo().getHttpService().toString()) 54 | 55 | # 56 | # implement IScannerListener 57 | # 58 | 59 | def newScanIssue(self, issue): 60 | self._stdout.println("New scan issue: " + issue.getIssueName()) 61 | 62 | # 63 | # implement IExtensionStateListener 64 | # 65 | 66 | def extensionUnloaded(self): 67 | self._stdout.println("Extension was unloaded") 68 | -------------------------------------------------------------------------------- /java/BurpExtender.java: -------------------------------------------------------------------------------- 1 | package burp; 2 | 3 | import java.io.PrintWriter; 4 | 5 | public class BurpExtender implements IBurpExtender, IHttpListener, 6 | IProxyListener, IScannerListener, IExtensionStateListener 7 | { 8 | private IBurpExtenderCallbacks callbacks; 9 | private PrintWriter stdout; 10 | 11 | // 12 | // implement IBurpExtender 13 | // 14 | 15 | @Override 16 | public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) 17 | { 18 | // keep a reference to our callbacks object 19 | this.callbacks = callbacks; 20 | 21 | // set our extension name 22 | callbacks.setExtensionName("Event listeners"); 23 | 24 | // obtain our output stream 25 | stdout = new PrintWriter(callbacks.getStdout(), true); 26 | 27 | // register ourselves as an HTTP listener 28 | callbacks.registerHttpListener(this); 29 | 30 | // register ourselves as a Proxy listener 31 | callbacks.registerProxyListener(this); 32 | 33 | // register ourselves as a Scanner listener 34 | callbacks.registerScannerListener(this); 35 | 36 | // register ourselves as an extension state listener 37 | callbacks.registerExtensionStateListener(this); 38 | } 39 | 40 | // 41 | // implement IHttpListener 42 | // 43 | 44 | @Override 45 | public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) 46 | { 47 | stdout.println( 48 | (messageIsRequest ? "HTTP request to " : "HTTP response from ") + 49 | messageInfo.getHttpService() + 50 | " [" + callbacks.getToolName(toolFlag) + "]"); 51 | } 52 | 53 | // 54 | // implement IProxyListener 55 | // 56 | 57 | @Override 58 | public void processProxyMessage(boolean messageIsRequest, IInterceptedProxyMessage message) 59 | { 60 | stdout.println( 61 | (messageIsRequest ? "Proxy request to " : "Proxy response from ") + 62 | message.getMessageInfo().getHttpService()); 63 | } 64 | 65 | // 66 | // implement IScannerListener 67 | // 68 | 69 | @Override 70 | public void newScanIssue(IScanIssue issue) 71 | { 72 | stdout.println("New scan issue: " + issue.getIssueName()); 73 | } 74 | 75 | // 76 | // implement IExtensionStateListener 77 | // 78 | 79 | @Override 80 | public void extensionUnloaded() 81 | { 82 | stdout.println("Extension was unloaded"); 83 | } 84 | } --------------------------------------------------------------------------------