Skip to content
/ headless-scanner-driver Public

A Burp Suite extension that starts scanning on requests it sees, and dumps results on standard output

License

Apache-2.0 license
20 stars 5 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

WithSecureOpenSource/headless-scanner-driver

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
.gitignore
.gitignore
 
 
HeadlessScannerDriver.py
HeadlessScannerDriver.py
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

headless-scanner-driver

Python Burp Suite extension for non-interactive active scanning. Burp and Burp Suite are trademarks of Portswigger, Ltd.

Usage

Load this extension into Burp Extender using the GUI. You also need to acquire the standalone Jython interpreter (version 2.7 or newer) and tell Burp Suite where it is. After this, it will start an active scan for all HTTP requests that are initiated through the proxy.

WARNING: The extension will indiscriminately start active scanning against all URIs it sees, regardless of Burp Suite GUI Active Scanner setting. To protect non-target sites, set a Target Scope and drop all requests not in suite scope.

The extension will write JSON objects to stdout, one per line.

Run Burp Suite in headless mode using:

java -jar -Xmx1g -Djava.awt.headless=true -XX:MaxPermSize=1G burpsuite.jar

The extension intercepts three special kinds of HTTP requests; those to ports 1111, 1112 and 1113.

If you think this sort of in-band signaling is odd, I agree. At the time of writing, I just could not find a well-defined way of communicating to an extension from outside Burp.

Your client can emit HTTP requests to port 1111 to get the extension to emit its status. The status will be a JSON that is a list of pairs of status information. There is one pair per a scanner instance (typically per URL that the extension has seen). The status info pair has the number of findings from that scanner instance, and the completeness as a string. When all of the instances are finished, the scan has finished.

Your client can emit a HTTP request to port 1112 which causes the extension to dump all scanner findings and to cleanly exit.

Your client can emit a HTTP request to port 1113 to dump all scanner findings and end all current scans. New scans can be started after this and issues collected again at any time.

For examples of how to use this from Python, see https://github.com/F-Secure/mittn/blob/master/mittn/headlessscanner/

Bugs

Please report bugs to the GitHub project tracker or just send a patch as a pull request.

Other queries can be sent via email to opensource@f-secure.com.

About

A Burp Suite extension that starts scanning on requests it sees, and dumps results on standard output

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

20 stars

Watchers

15 watching

Forks

5 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages