
Published on September 5th, 2015


BurpKit — Next-gen BurpSuite penetration testing tool


BurpKit is a BurpSuite plugin which helps in assessing complex web apps that render the contents of their pages dynamically. As part of its rich feature set, BurpKit provides a bi-directional JavaScript bridge API which allows users to quickly create BurpSuite plugins which can interact directly with the DOM and Burp’s extender API at the same time. This permits BurpSuite plugin developers to run their web application testing logic directly within the DOM itself whilst taking advantage of BurpSuite’s other features as well!

 

System Requirements

BurpKit has the following system requirements:

  • Oracle JDK >=8u50 and <9
  • At least 4GB of RAM

 

Installation

Installing BurpKit is simple:

  1. Download the latest prebuilt release from the GitHub releases page.
  2. Open BurpSuite and navigate to the Extender tab.
  3. Under Burp Extensions click the Add button.
  4. In the Load Burp Extension dialog, make sure that Extension Type is set to Java and click the Select file … button under Extension Details.
  5. Select the BurpKit-<version>.jar file and click Next when done.

If all goes well, you will see three additional top-level tabs appear in BurpSuite:

  1. BurpKitty: a courtesy browser for navigating the web within BurpSuite.
  2. BurpScript IDE: a lightweight integrated development environment for writing JavaScript-based BurpSuite plugins and other things.
  3. Jython: an integrated python interpreter console and lightweight script text editor.

 

Compiling BurpKit

BurpKit is distributed as an IntelliJ IDEA project. Once the project is opened in IntelliJ, compilation should be trivial. The JAR file can be built using the Build Artifacts... menu item under the Build menu. The compiled output will appear under the out directory.






BurpScript

BurpScript enables users to write desktop-based JavaScript applications as well as BurpSuite extensions using the JavaScript scripting language. This is achieved by injecting two new objects by default into the DOM on page load:

  1. burpKit: provides numerous features including file system I/O support and easy JS library injection.
  2. burpCallbacks: the JavaScript equivalent of the IBurpExtenderCallbacks interface in Java with a few slight modifications.

 

 

Source && Download


