PyRules is a Burp Suite extension that provides a simple way to manipulate requests and responses with Python. The state between multiple requests/responses is saved using persistent variables, this way you can create complex rules in a flexible way.
In each Tab there are three panels:
Console screen: to display short messages and the logged data.
Variable screen: here the persistent variables are defined (optional).
Rules screen: the place contains the Python script. This will run with each request/response or on demand by clicking
Once the setup is complete, you only need to enable the tab and it will do it's job.
For Manual installation, download PyRules.py from this repository. From within Burp Suite, select Extender, click Add button, change the Extension type to Python and select PyRules.py.
Requirements for usage
Jython version 2.7.0 or greater needs to be imported. More infos here: https://portswigger.net/burp/help/extender.html#options_pythonenv
Variables screen (bottom-left)
Initial values for persistant variables go here.
- Every edit of the code in intialization screen (focus lost) triggers the execution of the code listed here.
- The state will be maintained when disabling / enabling the tab. To reinitialize the variables click inside this area.
Rules screen (right)
Python script goes here. This code will be executed with each request and response or on demand by clicking
Run once .
Available variables are:
logTo understand how to use them see the provided examples and the api docs.
Notice The code from the simple example should be used for quick tasks. In the advanced example the called functions make sure that the content type of the request gets updated.
log(<variable>)can be used to inspect variables. Strings are displayed directly, pprint is used for other objects.
Expressions that need to be computed only once should be moved in the variables screen. Example: The reqular expressions from simple and advanced examples can be compiled only once:
import re search_request = re.compile("CSRFtoken=([a-zA-Z0-9]*)") search_response = re.compile("name=\"CSRFtoken\" value=\"([a-zA-Z0-9]*)\">") token = ""
- To test if the request/response originates from a certain tool use
if toolFlag == callbacks.<tool>, where
- other value defined by Burp are here
- 999 identifies the execution triggered by
Questions or suggestions? @sec3ty