Blinks is a powerful Burp Suite extension that automates active scanning with Burp Suite Pro and enhances its functionality. With the integration of webhooks, this tool sends real-time updates whenever a new issue is identified, directly to your preferred endpoint. No more waiting for final reports – you get instant, actionable insights! 🛠️
Note: Blinks only works with Licensed Burp Suite Professional, Make sure you set up your Burp Suite License before setting up Blinks.
Add the path for the Burp Suite Pro JAR file and Jython.jar file inside config.json.
{
"initialURL": {
"url": "https://example.com",
"host": "example.com",
"port": 443,
"protocol": "https"
},
"webhookurl": null,
"crawlonly": null,
"proxyonly": null,
"reporttype": "HTML",
"userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3",
"headers": [],
"staticFileExt": [
"css",
"js",
"png",
"jpg",
"jpeg",
"gif",
"svg"
],
"exclusions": [
"/exclude-this-path",
"/another-exclude-path"
],
"BurpPath": "BURP PATH HERE", <--- Add Burp.jar file path
"jythonPath": "JYTHON PATH HERE" <--- Add Jython.jar file path
}Usage: python3 run.py -u https://example.com -r HTML -w https://webhook.url/endpoint
Arguments:
-h, --help show this help message and exit
-u, --url Single URL to process
-f, --file File containing URLs to process
-w, --webhook Webhook URL (default: NULL)
-r, --reporttype Report type (HTML or XML)
--header Custom headers/cookies to add to the requests (format: HeaderName:HeaderValue), reuse the argument for multiple headers
--crawlonly Perfom crawl only scan, it will save all crawled requests under ./data/
--socks5 Use socks5 for VPN at localhost:9090
$ pip3 install -r requirements.txt$ python3 run.py -u https://example.com -r XML$ python3 run.py -f ./targets.txt -r XML -w https://webhook.url/endpoint$ python3 run.py -f ./targets.txt -r XML -w https://webhook.url/endpoint --header "Cookie:session=value" --header "Authorization: Basic test"$ python3 run.py -f ./targets.txt -r XML -w https://webhook.url/endpoint --crawlonly-
Blinks runs Burp Suite scans in a Blinksless mode, allowing for automation without the need for a graphical user interface (GUI). This makes it ideal for integration into pipelines or remote servers.
-
Single and Batch URL Processing
- Single URL Processing: Easily scan a single target URL.
- Batch URL Processing: Supply a file containing multiple URLs, and Blinks will process each one sequentially, making it efficient for large-scale assessments.
-
Customizable Report Generation
- HTML Reports: Easy-to-read format for human review.
- XML Reports: Structured format for machine processing or further analysis.
-
Webhook Integration for Real-Time Notifications: Blinks supports webhook integration, allowing you to send scan results directly to a specified URL. This feature is particularly useful for real-time monitoring and integration with alerting systems.
-
Crawl Only Mode: If you only need to map out the structure of a web application without performing a full security scan, you can use the Crawl Only mode. This limits the scan to discovering URLs and resources.
-
SOCKS5 Proxy Support For enhanced security during scans, especially in environments requiring VPN connections, Blinks includes support for a SOCKS5 proxy running at
localhost:9090. -
Flexible Configuration Blinks provides a JSON-based configuration file (
config.json) that allows you to customize various aspects of the scan.
- Operating System:
Ubuntu 24.04 LTS (AWS)|Ubuntu WSL|Windows 11 23H2 - Burp Suite Pro Version:
v2024.6.6 - Java Version:
openjdk 21.0.4 2024-07-16
You can attach more Burp extensions by modifying the ./burpconfig/userconfig.json file. For example:
<SNIP>
"extender": {
"extensions": [
{
"errors": "console",
"extension_file": "EXTENSION_PATH",
"extension_type": "python/java/ruby",
"loaded": true,
"name": "Extension Name",
"output": "ui"
}
]
}
<SNIP>This configuration allows you to load and manage multiple Burp extensions, each defined by its file path, type, and other properties. Simply edit the extension_file path and other fields as necessary to load additional extensions.
This project is licensed under the GNU Affero General Public License v3.0 (AGPL-3.0).