# Burp extension to hook requests/responses 

$ cat hooker.py
from burp import IBurpExtender
from burp import IHttpListener
from java.io import PrintWriter

class BurpExtender(IBurpExtender, IHttpListener):

 def registerExtenderCallbacks(self, callbacks):
  self._callbacks = callbacks
  self._helpers = callbacks.getHelpers()
  callbacks.setExtensionName("Hooker")
  callbacks.registerHttpListener(self)
         self.stdout = PrintWriter(callbacks.getStdout(), True)
         self.stderr = PrintWriter(callbacks.getStderr(), True)
  callbacks.issueAlert("Loaded")

 def processHttpMessage(self, toolFlag, messageIsRequest, currentRequest):
         self.stdout.println("processHttpMessage")

  # Process requests
  if messageIsRequest:
   requestInfo = self._helpers.analyzeRequest(currentRequest)

   self.headers = list(requestInfo.getHeaders())
   # Modify headers
   self.setHeader('User-Agent', 'LolBot')

   bodyBytes = currentRequest.getRequest()[requestInfo.getBodyOffset():]
   self.body = self._helpers.bytesToString(bodyBytes)
   # Modify body
   bodysuffix = ''
   newMsgBody = self.body + bodysuffix

   newMessage = self._helpers.buildHttpMessage(self.headers, newMsgBody)
   currentRequest.setRequest(newMessage)

  # Process responses
  else:
   pass

 def deleteHeader(self, header):
  new_headers = []
  for h in self.headers:
   if header not in h:
    new_headers.append(h)
  self.headers = new_headers

 def setHeader(self, header, value):
  new_headers = []
  for h in self.headers:
   if header in h:
    h = header + ': ' + value
   new_headers.append(h)
  self.headers = new_headers

References

https://portswigger.net/burp/extender/
http://www.jython.org/downloads.html
Posted by t0n1
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)