Excited to see AuthHeader Updater on a list of awesome burp extensions!
Pages
Categories
Archives
Find Me Online
AuthHeader Updater listed on snoopysecurity/awesome-burp-extensions
Posted in Burp, Security
Leave a comment
Auth Header Updater Released!
Excited to release Auth Header Updater today – a Burp extension to update Authorization headers during a scan and also guest post about it on ihackthings.online.
Read more about it at ihackthings.online or chs.us.
Source code and plugin available on GitHub.
~
New version of jekyll-clicky!
I’ve updated jekyll-clicky to version 0.1.3. This fixes an issue where some posts weren’t getting the javascript code and changed it to be asynchronous..
Posted in General
Leave a comment
New Burp Extension – Perfmon
Just whipped together a new Burp extension called perfmon (not to be confused with the Windows tool of the same name). I was really interested in the the resource usage of Burp while doing certain activities.
It adds a new tab to Burp and samples every 5 seconds-
* Current and max number of threads in use
* Current and max memory used
* Current and max memory allocated
* Ticker to set how often the stats update. 1 – 5 seconds.
I plan to add a few more things and clean up the UI a bit, but it was an interesting exercise.
The source and plugin are on github.
Posted in Burp, Security
Leave a comment
Writing a Burp Extension – Part One
This is the first part in a series that I plan to write on how to create Burp extensions. I became interested in writing Burp extensions at a previous company where we were fortunate enough to be given time to do research presentations and then present them to our peers. My first presentation topic was to write an Active Scanning extension in Burp that would look for XXE (XML External Entity Injection). I also implemented a standalone app that could run on a host (external from the scan target) and listen for the XXE payload calling out (by making an HTTP request, for example). Literally that same week Collaborator came out and stole my thunder. 🙂 . Last Fall, I was also accepted to DerbyCon and presented a stable talk on Extending Burp.
This series will start with the very basics of creating a working an extension and then continue building out a full-featured extension as we go along. Burp extensions can be written in Java, Ruby (using JRuby), and Python (using Jython). For this series we will write in Java. Here we go…
Extension Basics
In the very simplest case, a Burp extension is a jar file with a class called BurpExtender in a package called Burp. This is the file that Burp looks for when loading an Extension. Based on what you implement in that class is the functionality that the extension will have.
Steps to create a Burp extension
1. In your favorite Java editor, create a project of type “Class Library” or whatever the equivalent project type where the output is a jar file containing the classes from the project
2. Open Burp and go the Extender tab. Click on “Save Interface Files” and save them in a folder called “burp” in your file system where the source is for the project you created in Step 1
3. Create a class called BurpExtender in the burp package in your project and implement IBurpExender. This will require that you implement the registerExtenderCallbacks method. This is the method that you will do any kind of setup for your extension and setup anything that your extension needs
4. Compile the extension into a jar file and load it into Burp by going to Extender -> Extensions -> Add. That will prompt you to specify the type of extension (Java in this example) and the path to the jar file. Click Next and your extension is loaded!
Sample Code
package burp;
package burp;
import java.io.IOException;
import java.io.OutputStream;
import java.util.logging.Level;
import java.util.logging.Logger;
/**** @author chs*/public class BurpExtender implements IBurpExtender
{private IExtensionHelpers helpers;
private static final String EXTENSION_NAME = "Sample Burp Extension";
private OutputStream os;
@Override
public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks)
{this.helpers = callbacks.getHelpers();
callbacks.setExtensionName(EXTENSION_NAME);
os = callbacks.getStdout();
try{os.write("Hello, World".getBytes());
} catch (IOException ex)
{Logger.getLogger(BurpExtender.class.getName()).log(Level.SEVERE, null, ex);
}}}
The interesting lines are 14, 15, and 16. In line 14, getHelpers() returns an object that implements IExtensionHelpers. IExtensionHelpers is an interface that provides methods that are useful by the extension, like encoding/parsing requests/responses, etc. Line 15 sets the name of the extension. This is displayed in the Extender tab. Line 16 saves a reference to the OutputStream for the extension. When you write to it, it shows up in the output window of the extension in the Extender tab.
Once you load the extension and navigate to Extender->Extensions, you will see- 
It shows the name of the extension, it’s location in the filesystem, and methods from the interfaces it implements.
If you click on the Output tab, you will see-
This shows the output from registerExtenderCallbacks.
That’s it for this time. Next post will dive deeper…
Posted in Burp
Leave a comment
BinPeek – an app to determine if a #Windows executable is managed or unmanaged.
BinPeek is an application that checks to see if a Windows application is managed(.NET) or unmanaged(native). It handles x86 and x84 executables. If doing it manually, you must check several values in the PE (Portable Executable) file header that differ slightly based on whether the executable is 32-bit or 64-bit. BinPeek does that work for you.
Usage
D:\source\repos\BinPeek>binpeek BinPeek.exe BinPeek.exe --> Unmanaged
Project Page on Github
Install
Build with Visual Studio or just use the release version in the repo.
License
MIT
Posted in Code, Open Source
Leave a comment
Secure Design Principles
Sitting hear on a cold, snowy day thinking about secure design principles. These are key to think about during the design phase of a feature/project?
Total Mediation – every access to every resource must be validated every time
Economy of Mechanism – keep it as simple as possible
Fail-Safe – in case of failure, default to a secure state
Defense in Depth – layer security
Open Design – the security of a system should not be dependent on secrecy of its design or implementation
Psychological Acceptability – security mechanisms must not make resources more difficult to access then if they weren’t there
Least Privilege – limit access to a system/feature to only those that \*need\* to access it for the shortest duration possible
Minimize attack surface – reduce risk by reducing the attack surface area
Secure Defaults – default to a secure state
Any others you can think of?
Posted in Software Security
Leave a comment
2 Gems Updated
PwnedCheck
PwnedCheck is a gem that checks http://haveibeenpwned.com to see if an email address or user handle has been involved in a breach.
How to Install
gem install PwnedCheck
How to Use
require 'pwnedcheck' # The 4 cases. # foo@bar.com is a valid address on the site # foo232323ce23ewd@bar.com is a valid address, but not on the site # foo.bar.com is an invalid format # mralexgray is a user id in snapchat list = ['foo@bar.com', 'foo232323ce23ewd@bar.com', 'foo.bar.com', 'mralexgray'] list.each do |item| begin sites = PwnedCheck::check(item) if sites.length == 0 puts "#{item} --> Not found on http://haveibeenpwned.com" else sites.each do |site| #site is a hash of data returned puts item puts "\tTitle=#{site['Title']}" puts "\tBreach Date=#{site['BreachDate']}" puts "\tDescription=#{site['Description']}" end end rescue PwnedCheck::InvalidEmail => e puts "#{item} --> #{e.message}" end end
require 'pwnedcheck' # The 4 cases to check for pastes. # foo@bar.com is a valid address on the site # foo232323ce23ewd@bar.com is a valid address, but not on the site # foo.bar.com is an invalid format # mralexgray is a user id in snapchat list = ['foo@bar.com', 'foo232323ce23ewd@bar.com', 'foo.bar.com', 'mralexgray'] list.each do |item| begin sites = PwnedCheck::check_pastes(item) if sites.length == 0 puts "#{item} --> Not found on http://haveibeenpwned.com" else sites.each do |site| #site is a hash of data returned puts item puts "\tSource=#{site['Source']}" puts "\tTitle=#{site['Title']}" puts "\tDate=#{site['Date']}" puts "\tEmail Count=#{site['EmailCount']}" end end rescue PwnedCheck::InvalidEmail => e puts "#{item} --> #{e.message}" end end
Jekyll-Clicky
Jekyll-clicky is a gem to add clicky analytics to a site generated with Jekyll.
Installation
Add this line to your application’s Gemfile:
And then execute:
$ bundle
Or install it yourself as:
$ gem install jekyll-clicky
### Usage Add-
jekyll_clicky: #Add this if you want to track with Clicky analytics
site:
id: ### # Required - replace with your tracking id
to _config.yml in your jekyll site directory. Replace ### with the id of your clicky site.
Posted in Ruby, Security
Leave a comment
Extending Burp at DerbyCon VII
Just finished my talk about extending Burp at Derbycon VII. Thanks to everyone that attended! I’m really thankful for the opportunity to present on the topic.
The Details-
Slides –
Source Code – https://github.com/sampsonc/searchplusplus
I’d love to hear any comments/questions.
Posted in Security
Leave a comment
