Skip to content
This repository has been archived by the owner on Dec 15, 2023. It is now read-only.

elespike/burp-cph

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

120 Commits
utils
utils
 
 
BappDescription.html
BappDescription.html
 
 
BappManifest.bmf
BappManifest.bmf
 
 
CPH_Config.py
CPH_Config.py
 
 
CPH_Help.py
CPH_Help.py
 
 
CustomParamHandler.py
CustomParamHandler.py
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
tinyweb.py
tinyweb.py
 
 

Repository files navigation

Custom Parameter Handler extension for Burp Suite: a power tool for modifying HTTP messages with surgical precision, even when using macros.

The quicksave and quickload functionality persists through reloading not only the extension, but Burp Suite entirely. All values of each existing configuration tab will be saved, along with the order of all tabs.

Use the Export/Import Config buttons to save/load your current configuration to/from a JSON file.

Manual installation

  1. Download the latest release file; e.g., CustomParameterHandler_3.0.py
  2. Under Extender > Options > Python Environment, point Burp to the location of your copy of Jython's standalone .jar file. a. If you don't already have Jython's standalone .jar file, download it here.
  3. Finally, add CustomParamHandler_3.0.py in Extender > Extensions.

Installation from the BApp store

  1. Under Extender > Options > Python Environment, point Burp to the location of your copy of Jython's standalone .jar file. a. If you don't already have Jython's standalone .jar file, download it here.
  2. Find and select Custom Parameter Handler within the Extender > BApp Store tab, then click the Install button.

Adding configuration tabs

  • Click '+' to add an empty tab; or
  • Select one or many requests from anywhere in Burp, right-click, and choose Send to CPH.
    This will create as many tabs as the number of selected requests, and populate each tab with each selected request to be issued for parameter extraction.

Enabling/Disabling configuration tabs

Simply click the checkbox next to the tab's name. New tabs are enabled by default but require a valid configuration in order to have any effect.

Reordering configuration tabs

  • Click the '<' and '>' buttons to swap the currently selected tab with its preceding or succeeding neighbor.

Leftmost tabs will be processed first; therefore, tab order may be important, especially when extracting values from cached responses.

Visit the Wiki to learn more about utilizing cached responses.

Tab configuration at a glance

Scoping

Depending on the selected option, this tab will take action on either:

  • Requests only, Responses only, or both Requests and Responses; then either
    • All requests coming through Burp which are also in Burp's scope; or
    • Requests coming through Burp, in Burp's scope, and also matching the given expression.

Parameter handling

The supplied expression will be used to find the value that will be replaced with the replacement value.

RegEx features may be used to fine-tune modifications. Visit the Wiki to learn more.

When targeting a subset of matches, enter comma-separated, zero-based indices or slices (following Python's slice syntax). E.g.: 1,3,6:9 would act on the 2nd, 4th, 7th, 8th and 9th matches.

If not using a static value, the supplied expression will be used to find the desired replacement value.

Please visit the Wiki for explanations on the remaining options.

About

Custom Parameter Handler extension for Burp Suite.

Resources

Readme

License

MIT license
Activity

Stars

43 stars

Watchers

5 watching

Forks

12 forks
Report repository

Releases 3

3.0 Latest
Feb 10, 2019
+ 2 releases

Packages

No packages published

Contributors 6

Languages