Published on September 5th, 2015 📆 | 2917 Views ⚑
0BurpKit — Next-gen BurpSuite penetration testing tool
TTS Demo
BurpKit is a BurpSuite plugin which helps in assessing complex web apps that render the contents of their pages dynamically. As part of its rich feature set, BurpKit provides a bi-directional JavaScript bridge API which allows users to quickly create BurpSuite plugins which can interact directly with the DOM and Burp’s extender API at the same time. This permits BurpSuite plugin developers to run their web application testing logic directly within the DOM itself whilst taking advantage of BurpSuite’s other features as well!
System Requirements
BurpKit has the following system requirements:
- Oracle JDK >=8u50 and <9 (Download)
- At least 4GB of RAM
Installation
Installing BurpKit is simple:
- Download the latest prebuilt release from the GitHub releases page.
- Open BurpSuite and navigate to the Extender tab.
- Under Burp Extensions click the Add button.
- In the Load Burp Extension dialog, make sure that Extension Type is set to Java and click the Select file … button under Extension Details.
- Select the BurpKit-<version>.jar file and click Next when done.
If all goes well, you will see three additional top-level tabs appear in BurpSuite:
- BurpKitty: a courtesy browser for navigating the web within BurpSuite.
- BurpScript IDE: a lightweight integrated development environment for writing JavaScript-based BurpSuite plugins and other things.
- Jython: an integrated python interpreter console and lightweight script text editor.
Compiling BurpKit
BurpKit is distributed as an IntelliJ IDEA project. Once the project is opened in IntelliJ, compilation should be trivial. The JAR file can be built using the Build Artifacts...
menu item under the Build
menu. The compiled output will appear under the out
directory.
[adsense size='1']
BurpScript
BurpScript enables users to write desktop-based JavaScript applications as well as BurpSuite extensions using the JavaScript scripting language. This is achieved by injecting two new objects by default into the DOM on page load:
- burpKit: provides numerous features including file system I/O support and easy JS library injection.
- burpCallbacks: the JavaScript equivalent of the IBurpExtenderCallbacks interface in Javawith a few slight modifications.
Gloss