Burp Extension Development

Thanks to Al for helping me to compile this.

General

For debugging (and modularity in general), be sure to separate out your logic from the file with the BurpExtender class, which is what Burp needs for the thing to work. This file should be stripped down to the bare essentials.

Jython

Install Jython obviously.

You'll find classes you can import from Burp's extender tab.

To import a class, use from burp import <name_here>

For example: from burp import IBurpExtender

Coding in this manner will enable you to debug with pdb using python 2 (Jython has started moving to python 3 compatibility, but isn't there yet), and not have to rely on print statements.

Downsides

  • You aren't able to use a lot of libraries, which (in my opinion) is where a lot of the power of python comes from, aside from how easy it is to code in. Subsequently, if you want something like Beautiful Soup, you're out of luck.

  • No package manager because you are not building a packaged executable.

Java

  1. Download and install IntelliJ
  2. Select New Project
  3. Choose Gradle
  4. Hit next
  5. Select relevant SDK and check Java as additional libraries
  6. Input the name of the project for ArtifactId
  7. Hit next
  8. Use default gradle wrapper
  9. Open up build.gradle and add the following:
apply plugin: 'java'
apply plugin: 'idea'
repositories {
    mavenCentral()
}

dependencies {
    compile 'net.portswigger.burp.extender:burp-extender-api:1.7.13'
}

sourceSets {
    main {
        java {
            srcDir 'src'
        }
    }
}

task bigJar(type: Jar) {
    baseName = project.name + '-all'
    from { configurations.compile.collect { it.isDirectory() ? it : zipTree(it) } }
    with jar
}

This will allow for the generation of a jar file that's required by Burp and includes the burp libraries.

Upsides

External dependencies are great!

Downsides

It's Java.