import base64
import hashlib
import hmac
from datetime import datetime

from java.io import PrintWriter

from burp import IBurpExtender
from burp import ISessionHandlingAction
from burp import IParameter
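class BurpExtender(IBurpExtender, ISessionHandlingAction):
    """Burp session handling action that adds an HMAC-SHA256 header to requests.

    The signed content is the URL-encoded path, the request body and an
    ISO-8601 timestamp, concatenated in that order. The header carries the
    base64 of the hex digest followed by ``:`` and the same timestamp.
    """

    # implement IBurpExtender
    def registerExtenderCallbacks(self, callbacks):
        """Store Burp's callback objects and register this session action."""
        stdout = PrintWriter(callbacks.getStdout(), True)
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()
        callbacks.setExtensionName("HMAC Header")
        stdout.println("HMAC Header Registered OK")
        # Without registration Burp never offers the action in its session
        # handling rules, so performAction() would never be invoked.
        callbacks.registerSessionHandlingAction(self)
        stdout.println("Session handling started")

    def getActionName(self):
        """Return the name Burp shows for this session handling action."""
        return "HMAC Header"

    def performAction(self, currentRequest, macroItems):
        """Sign ``currentRequest`` and rewrite it with the HMAC header added.

        ``macroItems`` is part of the ISessionHandlingAction interface and is
        not used here.
        """
        # Placeholder key: replace it with the key of the application under
        # test, and keep real keys out of committed copies of this file.
        secret = "THIS-IS-A-SeCRet"

        # Analyze once and reuse the result for the path, body offset and headers.
        request_info = self._helpers.analyzeRequest(currentRequest)

        # URL path (the part after the FQDN), URL-encoded by Burp's helper.
        url_path = self._helpers.urlEncode(request_info.getUrl().getPath())

        # Body = everything after the header block.
        body_bytes = currentRequest.getRequest()[request_info.getBodyOffset():]
        body_str = self._helpers.bytesToString(body_bytes)

        # NOTE(review): naive local time; confirm the clock and format the
        # server validates against before relying on this.
        timestamp = datetime.now().isoformat()

        # The header value is base64 of the *hex* digest string, not of the
        # raw digest bytes; the server side must decode it the same way.
        content = url_path + body_str + timestamp
        digest_hex = hmac.new(secret, content, digestmod=hashlib.sha256).hexdigest()
        _hmac = base64.b64encode(digest_hex)

        # Drop any stale copy of the header (e.g. a request replayed from
        # history) so exactly one signature is sent.
        header_prefix = "Authentication Bearer:"
        headers = [
            header for header in request_info.getHeaders()
            if not header.startswith(header_prefix)
        ]
        headers.append(header_prefix + " " + _hmac + ":" + timestamp)

        # Build the new HTTP message and write it back; building the message
        # alone leaves the outgoing request unsigned.
        message = self._helpers.buildHttpMessage(headers, body_str)
        currentRequest.setRequest(message)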