Burp proxy extensions

I’ve written some add-ons to Burp Proxy, by @portswigger.

Proxy color

This is a little extension to color your proxy history based on characteristics in the HTTP headers. Very useful when doing multi-user testing scenarios, and you want to be able to distinguish between sessions (or browsers. ) This is how you set it up:

  • Select if the inspection is to be on the request or response

  • Three types of checks, either

    •  Startswith - as it sounds, just checks if a header start matches exactly with what you’ve typed. Useful to e.g. flag server banners or funky headers.
    •  Contains - checks if the specified string is anywhere within the request. Useful for cookies, since may wind up in arbitrary order.
    •  Regexp - allows you to specify a more advanced string.

A few screenshots:

x y

Referrer checker

Inspects the traffic, and looks for cross-domain include of scripts. Burps built-in checks for this is based on HTML-parsing (afaik), which does not give 100% coverage, obviously. My variant instead inspects the http-headers. My Firefox-based analysis shows the following observation:

Requests to domains where referer domain differs from target
Referer Accept-header Cause
origin.com/foo/ */* Probably a script-tag
origin.com/foo/ image/jpeg Image tag
origin.com/foo/ text/html Frame/iframe tag
missing */* Manually entered by the user

So, what the extension does, is simply check for Accept-header */* where target domain differs from referer domain, and flags a warning.

2013-02-22

Source code repos:

 
 
comments powered by Disqus