GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → bytebutcher → Burp Send To

bytebutcher / Burp Send To

Adds a customizable "Send to..."-context-menu to your BurpSuite.

Programming Languages

java
68154 projects - #9 most used programming language

Labels

hackingpentestingextensionburpsuite

Projects that are alternatives of or similar to Burp Send To

Burpsuite Xkeys
A Burp Suite Extension to extract interesting strings (key, secret, token, or etc.) from a webpage.
Stars: ✭ 144 (+26.32%)
Mutual labels:  hacking, pentesting, burpsuite
Gitjacker
🔪 Leak git repositories from misconfigured websites
Stars: ✭ 1,249 (+995.61%)
Mutual labels:  hacking, pentesting
Decoder Plus Plus
An extensible application for penetration testers and software developers to decode/encode data into various formats.
Stars: ✭ 79 (-30.7%)
Mutual labels:  pentesting, burpsuite
Blackrat
BlackRAT - Java Based Remote Administrator Tool
Stars: ✭ 87 (-23.68%)
Mutual labels:  hacking, pentesting
Netmap.js
Fast browser-based network discovery module
Stars: ✭ 70 (-38.6%)
Mutual labels:  hacking, pentesting
Burp Bounty Profiles
Burp Bounty profiles compilation, feel free to contribute!
Stars: ✭ 76 (-33.33%)
Mutual labels:  hacking, burpsuite
Pentesting toolkit
🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️
Stars: ✭ 1,268 (+1012.28%)
Mutual labels:  hacking, pentesting
Burpsuite Collections
BurpSuite收集:包括不限于 Burp 文章、破解版、插件(非BApp Store)、汉化等相关教程,欢迎添砖加瓦---burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-store brute-force-attacks brute-force-passwords waf sqlmap jar
Stars: ✭ 1,081 (+848.25%)
Mutual labels:  pentesting, burpsuite
Web Brutator
Fast Modular Web Interfaces Bruteforcer
Stars: ✭ 97 (-14.91%)
Mutual labels:  hacking, pentesting
Ctfr
Abusing Certificate Transparency logs for getting HTTPS websites subdomains.
Stars: ✭ 1,535 (+1246.49%)
Mutual labels:  hacking, pentesting
Active Directory Exploitation Cheat Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
Stars: ✭ 1,392 (+1121.05%)
Mutual labels:  hacking, pentesting
Cloakify
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Stars: ✭ 1,136 (+896.49%)
Mutual labels:  hacking, pentesting
Resources
A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.
Stars: ✭ 62 (-45.61%)
Mutual labels:  hacking, pentesting
Githacktools
The best Hacking and PenTesting tools installer on the world
Stars: ✭ 78 (-31.58%)
Mutual labels:  hacking, pentesting
Kill Router
Ferramenta para quebrar senhas administrativas de roteadores Wireless, routers, switches e outras plataformas de gestão de serviços de rede autenticados.
Stars: ✭ 57 (-50%)
Mutual labels:  hacking, pentesting
Zynix Fusion
zynix-Fusion is a framework that aims to centralize, standardizeand simplify the use of various security tools for pentest professionals.zynix-Fusion (old name: Linux evil toolkit) has few simple commands, one of which is theinit function that allows you to define a target, and thus use all the toolswithout typing anything else.
Stars: ✭ 84 (-26.32%)
Mutual labels:  hacking, pentesting
Oscp Prep
my oscp prep collection
Stars: ✭ 105 (-7.89%)
Mutual labels:  hacking, pentesting
Pentesting Bible
Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.
Stars: ✭ 8,981 (+7778.07%)
Mutual labels:  hacking, pentesting
Spellbook
Micro-framework for rapid development of reusable security tools
Stars: ✭ 53 (-53.51%)
Mutual labels:  hacking, pentesting
Swurg
Parse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments (approved by PortSwigger for inclusion in their official BApp Store).
Stars: ✭ 94 (-17.54%)
Mutual labels:  pentesting, burpsuite
View All Similar Projects ➔

Burp-Send-To-Extension

Adds a customizable "Send to..."-context-menu to your BurpSuite.

Burp-Send-To-Extension Tab

Configuration

After loading the extension the "Send to"-Tab contains all necessary options to configure the "Send to"-context-menu.

New context-menu-entries can be added using the "Add"-button. Each entry consists of following fields:

  • Name: the name of the context-menu-entry.
  • Command: the command to be executed. You can use following placeholders:
    • %H: will be replaced with the host
    • %P: will be replaced with the port
    • %T: will be replaced with the protocol
    • %U: will be replaced with the url
    • %A: will be replaced with the url path
    • %Q: will be replaced with the url query
    • %C: will be replaced with the cookies
    • %L: will be replaced with the HTTP-content-length
    • %M: will be replaced with the HTTP-method
    • %O: will be replaced with the HTTP-status-code
    • %S: will be replaced with the selected text
    • %F: will be replaced with the path to a temporary file containing the selected text
    • %R: will be replaced with the path to a temporary file containing the content of the focused request/response
    • %E: will be replaced with the path to a temporary file containing the header of the focused request/response
    • %B: will be replaced with the path to a temporary file containing the body of the focused request/response
  • Group: the name of the sub-menu in which this entry will be shown. Can be left blank.
  • Run in terminal: defines whether a terminal-window should appear in which the configured command is executed. By default "xterm" is used as terminal-emulator. You can change the terminal-emulator in the "Miscellaneous Options" to your liking.
  • Show preview: gives you the chance to preview and change the command before executing it.
  • Output should replace selection: will replace the selection with the output of the to be executed command.

Burp-Send-To-Extension Add-/Edit-Dialog

In addition it is possible to customize how placeholders behave when multiple HTTP messages are selected by clicking the "Advanced"-button. By default each selected HTTP message forms a separate command. However, it is also possible to join all values of a specific placeholder using a custom separator, or to store all values of a specific placeholder within a file.

Burp-Send-To-Extension Advanced-Dialog

After creating new context-menu-entries using the "Add"-button they can be edited or deleted again using the "Edit"- and "Remove"-button. In addition the order in which they appear in the context-menu can be altered using the "Up"- and "Down"-button.

Burp-Send-To-Extension Tab

Terminal Options

The "Terminal Options" allow to configure the graphical terminal to use. In addition it is possible to specify how multiple commands should be run in terminal. Multiple commands can either be run sequential in a single terminal or in parallel in separate terminals. While it's possible to choose a default behaviour, the exact behaviour can also be selected via a dialog, everytime a send-to context menu entry is selected. However, if you prefer one behaviour all the time, this dialog can also be disabled.

Context-Menu

The "Send to..." context-menu contains all entries which were added in the "Send to"-Tab. In addition you can add new entries via the "Custom command..."-context-menu-entry.

Request Field

Burp-Send-To-Extension Context-Menu

Proxy History

Burp-Send-To-Extension Context-Menu

Save and load options

Usually the options of the "Send to"-Tab are saved automatically. However, if you switch computers you may save and load your current options. This can be done by clicking on the gear-symbol in the upper-left corner of the "Send to"-Tab and select the appropriate context-menu-entry.

Burp-Send-To-Extension Options

Security Notes

Executing commands based on untrusted input always introduces the risk of command injection. This is especially true when using the %S placeholder. Thus it is recommended to always activate the Show preview option when using the %S placeholder and closely analyse commands in the preview window prior to execution.

Burp-Send-To-Extension Options

Build

This project was built using IntelliJ and Gradle. When you make changes to the source (and especially the GUI) you should apply following settings within Intellij to make sure that everything builds successfully:

  • File -> Settings -> Editor -> GUI Designer -> Generate GUI into: Java source
  • File -> Settings -> Build, Execution, Deployment -> Compiler -> Build project automatically
  • File -> Settings -> Build, Execution, Deployment -> Build Tools -> Gradle -> Build and run using: IntelliJ IDEA

When the GUI is not updated correctly you may rebuild the project manually:

  • Build -> Rebuild Project

After that you can execute the "fatJar"-task within the "build.gradle"-file. This will produce a jar in the "build/libs/" directory called "burp-send-to-extension-{version}.jar".

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].