Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

Burp Extension – Scanner Streamer

Much like everybody else, I was really looking forward to the new Burp 1.5 Professional release and the new Extensions… now that there’s some API documentation and example code out there, I had a little play to see what was possible.

As I had limited time, I played a little with the IScannerListener API to get a feel for things. Although the API is still in draft, there are lots of things in place and it’s definitely more than usable in most situations. There are still some points I’d like to see improved in newer releases (or explained better), but for a .01 release I’m already in love with the possibilities. Hopefully I’ll have some time to rewrite the UAtester tool to work as a Burp Extension over the next few months.

Until then, I’ve thrown together a quick (very quick) extension to display newly discovered scanner findings in the output console. Nothing you can’t already do, but useful to have open in an external window as you browse a site or run manual tests.

[Screenshot: burp_scanner_streamer]

Yeah… ASCII art is old skool cool 😉

The current script will output new findings on anything you have in scope. The script will automatically skip displaying finding types that have already been displayed for the host (to avoid flooding the output with the same findings again and again). You can alter this setting and set it to work on all hosts (not just in-scope) within the .py file itself.
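To make the behaviour described above concrete, here is an added example that is not the original Scanner Streamer script: the per-host deduplication and in-scope filter are kept in a plain Python class so they can be run (and tested) outside Burp, and a thin Jython wrapper registers it with Burp's IScannerListener API. The `burp` and `java.io` imports are only available inside Burp's Jython environment, so they are guarded; the sample findings in `demo()` and the names `FindingStreamer`, `ONLY_IN_SCOPE` and `handle` are my own choices, not part of the original extension.

```python
# Added example: in-scope filtering plus per-host "already shown" tracking
# for Burp scanner findings. Not the original Scanner Streamer code.

# Set to False to stream findings for every host, not just in-scope ones
# (the equivalent of the switch the post describes inside the .py file).
ONLY_IN_SCOPE = True


class FindingStreamer(object):
    """Decides which scanner findings get printed and formats them."""

    def __init__(self, in_scope, only_in_scope=ONLY_IN_SCOPE):
        self._in_scope = in_scope          # callable(url) -> bool
        self._only_in_scope = only_in_scope
        self._seen = set()                 # (host, issue name) already printed
        self.lines = []                    # everything emitted so far

    def handle(self, host, url, name, severity, confidence):
        """Return a formatted line for a new finding, or None if suppressed."""
        if self._only_in_scope and not self._in_scope(url):
            return None
        key = (host.lower(), name)
        if key in self._seen:              # same finding type on this host: skip
            return None
        self._seen.add(key)
        line = "[%s/%s] %s - %s (%s)" % (severity, confidence, host, name, url)
        self.lines.append(line)
        return line


def demo():
    """Run the filter over a few constructed findings (no Burp needed)."""
    streamer = FindingStreamer(lambda u: u.startswith("https://target.example/"))
    # Constructed sample findings: (host, url, issue name, severity, confidence)
    findings = [
        ("target.example", "https://target.example/login",
         "Cross-site scripting (reflected)", "High", "Certain"),
        ("target.example", "https://target.example/search",
         "Cross-site scripting (reflected)", "High", "Certain"),  # duplicate type
        ("target.example", "https://target.example/",
         "Cookie without HttpOnly flag set", "Low", "Firm"),
        ("other.example", "https://other.example/",
         "Cookie without HttpOnly flag set", "Low", "Firm"),      # out of scope
    ]
    for f in findings:
        streamer.handle(*f)
    return streamer.lines


# --- Burp wrapper: only meaningful when loaded by Burp's Jython interpreter ---
try:
    from burp import IBurpExtender, IScannerListener
    from java.io import PrintWriter
except ImportError:                       # running outside Burp (e.g. tests)
    class IBurpExtender(object):
        pass

    class IScannerListener(object):
        pass


class BurpExtender(IBurpExtender, IScannerListener):
    def registerExtenderCallbacks(self, callbacks):
        callbacks.setExtensionName("Scanner Streamer (example)")
        self._stdout = PrintWriter(callbacks.getStdout(), True)
        # callbacks.isInScope() takes the java.net.URL that IScanIssue.getUrl() returns
        self._streamer = FindingStreamer(callbacks.isInScope)
        callbacks.registerScannerListener(self)

    def newScanIssue(self, issue):
        line = self._streamer.handle(
            issue.getHttpService().getHost(),
            issue.getUrl(),
            issue.getIssueName(),
            issue.getSeverity(),
            issue.getConfidence())
        if line:
            self._stdout.println(line)


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Running the file directly prints two lines from the constructed findings: the first reflected XSS on target.example and the HttpOnly cookie issue, while the second XSS (same type, same host) and the out-of-scope host are suppressed. Loaded into Burp as a Python extension, the same class prints each new in-scope finding type once per host to the extension's output.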

[Screenshot: burp_scanner_streamer_2]

As I said, this is only something I was playing with… but still, let me know what you think 😉

Links:
