PentesterFlow/Burp-Integration

PentesterFlow Burp Extension

Jython Burp Suite extension for sending selected Burp traffic into PentesterFlow and importing PentesterFlow-confirmed findings back into Burp Scanner issues.

Start PentesterFlow

pentesterflow --burp

The local bridge listens on http://127.0.0.1:9999 by default.

From a source checkout, use npm's argument separator:

npm run dev -- --burp 9999

Or use the shortcut script:

npm run dev:burp -- 9999

Inside the PentesterFlow TUI, you can also start the listener with:

/burp 9999

Load In Burp

  1. Install/configure Jython 2.7 in Burp: Extensions -> Extension settings -> Python environment.
  2. Add extension: Extensions -> Installed -> Add.
  3. Select Python and load burp-plugin/pentesterflow_burp.py.
  4. Open the PentesterFlow Burp tab and confirm the bridge URL.

Context Menu

Right-click selected Proxy/Repeater/Sitemap messages:

  • "PentesterFlow: send request(s)" sends traffic to the PentesterFlow capture store.
  • "PentesterFlow: send + queue scan" captures the request and queues a scan task.
  • "PentesterFlow: send + queue /plan" captures the request and queues a planning task.
  • "PentesterFlow: queue scan for request(s)" queues scan tasks under /burp/tasks.
  • "PentesterFlow: queue /plan for request(s)" queues plan tasks under /burp/tasks.
  • "PentesterFlow: add host/domain to scope" queues a scope task.
  • "PentesterFlow: import issues into Burp" imports /burp/issues as Burp Scanner issues.
  • "Burp: active scan selected request(s)" sends selected requests to Burp's active scanner.

Confirmed PentesterFlow findings are exposed through the bridge as Burp-importable issues when the local ingest server is running.

Smart Mode

The PentesterFlow Burp tab includes optional workflow automation:

  • Auto-send Proxy responses: forwards completed Proxy traffic into PentesterFlow capture.
  • Auto-send Repeater responses: forwards completed Repeater traffic into PentesterFlow capture.
  • Forward Burp Scanner issues: sends Burp Scanner issues to PentesterFlow's /burp/issues queue.
  • Auto import issues on click actions: pulls PentesterFlow issues into Burp after context-menu actions.

Buttons:

  • Show Requests: prints recent captured requests from the bridge.
  • Show Tasks: prints queued scan/plan/scope tasks.
  • Clear Bridge: clears captured requests, tasks, and issue queues from the local bridge.

Troubleshooting Issue Import

If Import Issues logs a successful import but you do not see issues:

  • Check Burp's Target -> Site map for the affected host.
  • Check Dashboard -> Issue activity / Scanner issues.
  • Confirm the finding URL is a full URL such as https://app.example.com/path.
  • Click Check Status first to confirm the plugin can reach http://127.0.0.1:9999.
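
A pre-import check for the full-URL requirement in the list above, as an added example that is not part of the PentesterFlow plugin. It assumes you have the finding URLs as plain strings; the function names and the sample URLs are constructed for illustration.

```python
try:
    from urllib.parse import urlsplit  # Python 3
except ImportError:
    from urlparse import urlsplit      # Python 2.7 / Jython

DEFAULT_PORTS = {"http": 80, "https": 443}

def check_finding_url(url):
    """Return (True, (protocol, host, port)) or (False, reason)."""
    url = (url or "").strip()
    if not url:
        return False, "empty URL"
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        # Catches "/path", "app.example.com/path" and "host:8443/path":
        # none of them parse with an http or https scheme.
        return False, "missing or unsupported scheme"
    if not parts.hostname:
        return False, "no host after scheme"
    try:
        port = parts.port  # Python 3 raises ValueError on a bad port
    except ValueError:
        return False, "invalid port"
    if port is None:
        port = DEFAULT_PORTS[scheme]
    return True, (scheme, parts.hostname, port)

def triage(urls):
    """Group importable URLs by service; collect the rest with a reason."""
    by_service, rejected = {}, []
    for url in urls:
        ok, detail = check_finding_url(url)
        if ok:
            by_service.setdefault(detail, []).append(url)
        else:
            rejected.append((url, detail))
    return by_service, rejected

# Constructed sample input, not real PentesterFlow output.
SAMPLE = [
    "https://app.example.com/path", "HTTPS://App.Example.com:8443/admin",
    "app.example.com/path", "/login?next=/",
    "https:///orphan", "https://app.example.com:99999/",
]
services, rejected = triage(SAMPLE)
for url, reason in rejected:
    print("fix before import: %r (%s)" % (url, reason))
```

The (protocol, host, port) keys in the first return value are the hosts to look for under Target -> Site map after an import.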
