Skip to content
Used to manage burp extensions that I find useful.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
group_vars
roles
templates
.gitignore
LICENSE
README.md
requirements.yml
site.yml

README.md

ansible-burp_extensions

License

Ansible playbook to install Burp extensions.

In case you've stumbled across this project, it's my first Ansible role so try not to judge too harshly. Consider it a work in progress, and let me know how I can make it better.

Setup

Install dependencies:

ansible-galaxy install -r requirements.yml

Create directory for logs:

sudo chown -R <your username>:<suitable group for your user> /var/log/$USER

Make sure ~/.ansible.cfg has the following in it:

[defaults]
log_path = /var/log/<your username>/ansible.log

To run:

  1. Run this command:
ansible-playbook -vvv site.yml
  1. Once the command has finished, load the ~/burpExtensions/burp_user_options.json file in burp for the user options

Included Burp Extensions

  • ActiveScan++
  • AuthMatrix
  • Backslash-Powered-Scanner
  • CO2
  • Content-Type Converter
  • Copy As Python-Requests
  • Freddy, Deserialization Bug Finder - Detect and exploit serialisation libs and APIs
  • HUNT Methodology
  • HUNT Scanner
  • J2EEScan
  • JSON Web Tokens - Used to manipulate JWTs
  • Logger++
  • Paramalyzer
  • Retire.js
  • SAML Raider - Used for testing SAML infrastructure for vulnerabilities
  • Upload Scanner

Limitations

Tested on OS X && Ubuntu 16.04 You need to be sure that the PATH for the version of python you're using with Ansible is set properly in the crontab: crontab -e PATH=<your path> <- put this at the top of the file and save it. If you have a proxy, put your proxy settings in here too: http_proxy=<proxy> etc.

Something Missing?

Let me know: jayson.e.grace@gmail.com

TODO:

  • Modularize
  • Make friendly with other OS's
  • Figure out how to get latest release of an extension from github if offered
  • Create cronjob to destroy and rebuild every week
  • Add Content-Type Converter
  • Add Paramalyzer
  • Add Logger++
  • Add ActiveScan++
  • Add Backslash Powered Scanner
  • Add J2EEScan
  • Add AuthMatrix
  • Add Upload Scanner
  • Add Copy As Python-Requests
  • Add JSON Web Tokens
  • Add Freddy, Deserialization Bug Finder
  • Unarchive bapps
  • Add burp_user_options template
  • Move auto-update to bash script template
  • [] Add logging and log rotation
  • [] Unit tests
  • [] DRY code up
  • [] Travis-CI

License

MIT

You can’t perform that action at this time.