Burp Fuzzing Plugin

[ColdHeat]

Burp plugin to use Burp Repeater functionality to fuzz web applications.

The plugin needs to:

• generate lists of POST/GET data
• send items from lists of payloads to sites

The documentation for Burp Extender is poor and the approach for writing this plugin is unclear. Work needs to be done in deciphering the documentation, scripting Burp Repeater to submit information pragmatically, and keep track of requests and their appropriate responses.

http://portswigger.net/burp/extender/

The plugin can be written in Java, Jython, or JRuby. Most likely given the preferences in the lab, Jython will be chosen as the plugin language. In addition, it is probable that the Burp Extender demo extensions will be of more assistance than the Extender documentation if you choose to use Jython or JRuby.

[HockeyInJune]

• https://github.com/tduehr/buby
• https://github.com/mwielgoszewski/jython-burp-api

[HanLee]

Hi, just came across this project, I did a CSRF plugin in java for the free version of burp before, you can find it here: https://github.com/HanLee/Burp-Suite-CSRF-PoC-plugin

How is this project going? Can I be of assistance in anyway?

Edit: Also @HockeyInJune anyway I can assist in your web application vulnerability scanner?