Last active
May 23, 2023 06:48
-
-
Save jrmdev/8a257ef851124a699ddeaec2a54e66e6 to your computer and use it in GitHub Desktop.
Burp extension to generate the command line to use with SLAB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
## | |
## SLAB command generator - Burp Extension | |
## | |
## Download Jython and configure it in the Extender options: | |
## http://search.maven.org/remotecontent?filepath=org/python/jython-standalone/2.5.4-rc1/jython-standalone-2.5.4-rc1.jar | |
## | |
## Right click on any request from different Burp Suite tools and send to the extension | |
## | |
from burp import IBurpExtender, IContextMenuFactory | |
from javax.swing import JPanel, JTextArea, JMenuItem, JScrollPane, JOptionPane | |
from java.io import PrintWriter | |
from java.util import LinkedList | |
from java.awt import Dimension | |
from java.awt.event import ActionListener | |
import re | |
class BurpExtender(IBurpExtender, IContextMenuFactory): | |
def registerExtenderCallbacks(self, callbacks): | |
self.callbacks = callbacks | |
self.helpers = self.callbacks.getHelpers() | |
self.callbacks.setExtensionName('SLAB Command Generator') | |
self.stdout = PrintWriter(self.callbacks.getStdout(), True) | |
self.stderr = PrintWriter(self.callbacks.getStderr(), True) | |
self.stdout.println('Extension loaded') | |
self.callbacks.registerContextMenuFactory(self) | |
def createMenuItems(self, invocation): | |
responses = invocation.getSelectedMessages() | |
if responses > 0: | |
ret = LinkedList() | |
MenuItem1 = JMenuItem("Generate SLAB command") | |
MenuItem1.addActionListener(handleMenuItems(self, responses[0], "MenuItem1")) | |
ret.add(MenuItem1) | |
return ret | |
return None | |
class handleMenuItems(ActionListener): | |
def __init__(self, extender, messageInfo, menuName): | |
self.extender = extender | |
self.menuName = menuName | |
self.messageInfo = messageInfo | |
self.raw_req = self.extender.helpers.bytesToString(messageInfo.getRequest()).strip() | |
self.raw_res = self.extender.helpers.bytesToString(messageInfo.getResponse()).strip() | |
# Work around MST oddities when copy pasting | |
self.raw_req = self.raw_req.replace("\r", "") | |
self.raw_res = self.raw_res.replace("\r", "") | |
self.raw_req = self.raw_req.replace("\x00", "") | |
self.raw_res = self.raw_res.replace("\x00", "") | |
def actionPerformed(self, e): | |
if self.menuName == "MenuItem1": | |
self.genSlabCmd(self.messageInfo) | |
def genSlabCmd(self, messageInfo): | |
request_line = self.raw_req.split('\n')[0] | |
req_match = re.match(r'(\w+)\s+(.+)\s+(.+)$', request_line) | |
method = req_match.group(1) | |
path = req_match.group(2) | |
version = req_match.group(3) | |
host_match = re.search(r'Host:\s*(.+)$', self.raw_req, flags=re.MULTILINE) | |
host = host_match.group(1) | |
url = "https://%s%s" % (host, path) | |
headers = self.raw_req.split("\n\n")[0] | |
headers = headers.split("\n")[1:] | |
hdr_list = [] | |
for header_line in headers: | |
if not header_line.lower().startswith(('host', 'content-length', 'connection', 'accept-encoding')): | |
hdr_list.append(header_line) | |
slab_command = 'slab -u "%s"' % url | |
for hdr in hdr_list: | |
slab_command += ' -h "%s"' % hdr | |
if method == 'POST': | |
post_data = self.raw_req.split("\n\n")[-1] | |
slab_command += ' -d \'%s\'' % post_data | |
text_area = JTextArea(slab_command) | |
text_area.setEditable(False) | |
text_area.setLineWrap(True) | |
scroll_pane = JScrollPane(text_area) | |
scroll_pane.setPreferredSize(Dimension(800, 200)) | |
JOptionPane.showMessageDialog(None, scroll_pane, "SLAB command", JOptionPane.INFORMATION_MESSAGE) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment