Next-gen BurpSuite Penetration Testing Tool
samedi 24 octobre 2015
Libellés :
EH Tools
,
Pen-Testing
~
Welcome to the next generation of web application penetration testing - using WebKit to own the web. BurpKit is a BurpSuite plugin which helps in assessing complex web apps that render the contents of their pages dynamically. It also provides a bi-directional JavaScript bridge API which allows users to create quick one-off BurpSuite plugin prototypes which can interact directly with the DOM and Burp's extender API.
System Requirements
BurpKit has the following system requirements:- Oracle JDK >=8u50 and <9 (Download)
- At least 4GB of RA
Installation
Installing BurpKit is simple:- Download the latest prebuilt release from the GitHub releases page.
- Open BurpSuite and navigate to the
Extender
tab. - Under
Burp Extensions
click theAdd
button. - In the
Load Burp Extension
dialog, make sure thatExtension Type
is set toJava
and click theSelect file ...
button underExtension Details
. - Select the
BurpKit-
file and click.jar Next
when done.
-
BurpKitty
: a courtesy browser for navigating the web within BurpSuite. -
BurpScript IDE
: a lightweight integrated development environment for writing JavaScript-based BurpSuite plugins and other things. -
Jython
: an integrated python interpreter console and lightweight script text editor.
BurpScript
BurpScript enables users to write desktop-based JavaScript applications as well as BurpSuite extensions using the JavaScript scripting language. This is achieved by injecting two new objects by default into the DOM on page load:-
burpKit
: provides numerous features including file system I/O support and easy JS library injection. -
burpCallbacks
: the JavaScript equivalent of theIBurpExtenderCallbacks
interface inJava
with a few slight modifications.
examples
folder for more information.
0 commentaires :
Enregistrer un commentaire