├── .gitignore
├── images
    └── demo.png
├── updates.md
├── LICENSE
├── README.md
└── CopyAsFFUF.py


/.gitignore:
--------------------------------------------------------------------------------
1 | *.http


--------------------------------------------------------------------------------
/images/demo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/d3k4z/burp-copy-as-ffuf/HEAD/images/demo.png


--------------------------------------------------------------------------------
/updates.md:
--------------------------------------------------------------------------------
1 | 
2 | # Use "Copy and transforms in ffuf command" for creating only the ffuf command
3 | 
4 | # Use "Copy request, ffuf command and tips" for coping the request, the ffuf command and possible tips


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2021 Desmond Miles
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # Burp Extension: Copy As FFUF
 2 | 
 3 | ![](images/demo.png)
 4 | 
 5 | ## Description
 6 | 
 7 | `ffuf` ([https://github.com/ffuf/ffuf](https://github.com/ffuf/ffuf)) is gaining a lot of traction within the infosec community as a fast portable web fuzzer. It has been compared and aligned (kinda) to Burp's Intruder functionality. Thus, `Copy As FFUF` is trying to build that interoperatability bridge between the two.
 8 | 
 9 | ## Features
10 | 
11 | - [X] Piping the copied request to a `request.http` file and build a skeleton `ffuf` command
12 | 
13 | ## TODO
14 | 
15 | - [ ] Extend the functionality with additional right-click menu items, like:
16 |     - [ ] Create a `Copy as FFUF` submenu
17 |     - [ ] Copy request and use Burp proxy for verification `Copy as FFUF skeleton, verify via Burp"`
18 |     - [ ] Copy request and use Burp proxy for the attack `Copy as FFUF skeleton, proxy via Burp"`
19 | 
20 | - [ ] Maybe add a simple UI allowing to configure a path to wordlists
21 | 
22 | ## Requirements
23 | 
24 | - Python environment / Jython for Burp Suite
25 | 
26 | ## Installation
27 | 
28 | - Check if jython standalone is present in `Extender -> Options -> Python Environment`
29 | - Load the extention `Extender -> Extensions -> Add -> select path to CopyAsFFUF.py`
30 | 
31 | > Hopefully at some point PortSwigger with make it available in the bApp store
32 | 
33 | ## Known Issue
34 | 
35 | TODO
36 | 
37 | ## Author
38 | 
39 | - d3k4z
40 | 
41 | ## Credits
42 | 
43 | - [burp-copy-requests-response](https://github.com/CompassSecurity/burp-copy-request-response)


--------------------------------------------------------------------------------
/CopyAsFFUF.py:
--------------------------------------------------------------------------------
  1 | from burp import IBurpExtender, IContextMenuFactory, IHttpRequestResponse
  2 | from java.io import PrintWriter
  3 | from java.util import ArrayList
  4 | from javax.swing import JMenuItem
  5 | from java.awt import Toolkit
  6 | from java.awt.datatransfer import StringSelection
  7 | from javax.swing import JOptionPane
  8 | import subprocess
  9 | import tempfile
 10 | import threading
 11 | import time
 12 | 
 13 | class BurpExtender(IBurpExtender, IContextMenuFactory, IHttpRequestResponse):
 14 | 
 15 |     def create_ffuf(self, request):
 16 |         request_str = self.helpers.bytesToString(request)
 17 |         request_lines = request_str.strip().split('\n')
 18 | 
 19 |         # extract method, path, and protocol
 20 |         method, path, protocol = request_lines[0].split()
 21 | 
 22 |         # extract host header
 23 |         host_header = next((header for header in request_lines if header.startswith("Host:")), None)
 24 |         if not host_header:
 25 |             raise ValueError("Request does not contain a Host header")
 26 | 
 27 |         # extract host and port from host header
 28 |         host = host_header[len("Host:"):].strip()
 29 |         port = "80" if protocol == "HTTP/1.1" else "443"
 30 | 
 31 |         # construct the FFUF command
 32 |         url_prefix = "https" if port != "80" else "http"
 33 |         url = "{}://{}/{}".format(url_prefix, host, path.lstrip("/"))
 34 |         ffuf_cmd = "ffuf -w your-wordlist -X {} -u '{}FUZZ'".format(method, url)
 35 | 
 36 |         # extract headers and add them to FFUF command
 37 |         headers = [header for header in request_lines[1:] if not header.startswith("Host:")]
 38 |         for header in headers:
 39 |             header_parts = header.split(':', 1)
 40 |             if len(header_parts) == 2:
 41 |                 header_name, header_value = header_parts
 42 |                 ffuf_cmd += " -H '{}:{}'".format(header_name.strip(), header_value.strip())
 43 | 
 44 |         return ffuf_cmd
 45 | 
 46 |     def str_to_array(self, string):
 47 |         return [ord(c) for c in string]
 48 | 
 49 |     def registerExtenderCallbacks(self, callbacks):
 50 |         callbacks.setExtensionName("Copy as ffuf command")
 51 | 
 52 |         stdout = PrintWriter(callbacks.getStdout(), True)
 53 |         stderr = PrintWriter(callbacks.getStderr(), True)
 54 | 
 55 |         self.helpers = callbacks.getHelpers()
 56 |         self.callbacks = callbacks
 57 |         callbacks.registerContextMenuFactory(self)
 58 | 
 59 |     def createMenuItems(self, invocation):
 60 |         self.context = invocation
 61 |         menuList = ArrayList()
 62 | 
 63 |         menuList.add(JMenuItem("Copy and transforms in ffuf command",
 64 |                 actionPerformed=self.copyRequest))
 65 | 
 66 |         menuList.add(JMenuItem("Copy Request, ffuf command and tips",
 67 |                 actionPerformed=self.copyAllRequest))
 68 | 
 69 |         return menuList
 70 | 
 71 |     def copyRequest(self, event):
 72 |         httpTraffic = self.context.getSelectedMessages()[0]
 73 |         httpRequest = httpTraffic.getRequest()
 74 |         httpRequest = self.helpers.bytesToString(httpRequest)
 75 | 
 76 |         RequestToFfuf = httpRequest
 77 | 
 78 |         ffuf_cmd = self.create_ffuf(RequestToFfuf)
 79 | 
 80 |         self.copyToClipboard(ffuf_cmd)
 81 | 
 82 |         t = threading.Thread(target=self.copyToClipboard, args=(data,True))
 83 |         t.start()
 84 | 
 85 |     def copyAllRequest(self, event):
 86 |         httpTraffic = self.context.getSelectedMessages()[0]
 87 |         httpRequest = httpTraffic.getRequest()
 88 |         httpRequest = self.helpers.bytesToString(httpRequest)
 89 | 
 90 |         RequestToFfuf = httpRequest
 91 | 
 92 |         ffuf_cmd = self.create_ffuf(RequestToFfuf)
 93 | 
 94 |         copy = "---------------------------------\nFrom {httpService}\n---------------------------------\nHEADERS:\n\nEOF\n\n{httpRequest}\nEOF\n---------------------------------\nFFUF COMMAND:\n\n{ffuf_cmd}\n_____________________________________________________________\nThese are the headers and the ffuf command of your request.\nHappy FUZZING and good luck! :)\n_____________________________________________________________"
 95 | 
 96 |         data = copy.format(httpService=httpTraffic.getHttpService(),httpRequest=httpRequest, ffuf_cmd=ffuf_cmd )
 97 | 
 98 |         self.copyToClipboard(data)
 99 | 
100 |         t = threading.Thread(target=self.copyToClipboard, args=(data,True))
101 |         t.start()
102 | 
103 |     def copyToClipboard(self, data, sleep=False):
104 |         if sleep is True:
105 |             time.sleep(1.5)
106 | 
107 |         data = self.helpers.bytesToString(data)
108 |         systemClipboard = Toolkit.getDefaultToolkit().getSystemClipboard()
109 |         systemSelection = Toolkit.getDefaultToolkit().getSystemSelection()
110 |         transferText = StringSelection(data)
111 |         systemClipboard.setContents(transferText, None)
112 |         systemSelection.setContents(transferText, None)
113 | 


--------------------------------------------------------------------------------