A Burp extension to find stuff ¯\_(ツ)_/¯

Overview

FindStuffer

FindStuffer, a Burp extension to find stuff, for both the Community and Pro versions.

You can use FindStuffer to aggregate as many text queries as needed in one search (in theory). Each query can be individually:

  • Inverted
  • Applied to a specific scope (request, response, both at the same time, or any)
  • Configured to be case-sensitive or case-insensitive

Query aggregation can be and-based or or-based.

short demo

Check out the tutorial for a detailed example.

Tutorial / Demo

In this section I will give an example of how to use FindStuffer v0.0.1. This is not the most recent version but the tutorial is still valid.

Populating with HTTP traffic

First of all, make sure FindStuffer is loaded into your extender importing

Then, generate some HTTP traffic. In this example, traffic has been generated by visiting Google and Github with Firefox, as can be seen in Burp's native proxy tab: images/native_proxy.png

However, since FindStuffer does not implement any proxy / HTTP listening at the moment, it didn't get any of that traffic. The "Repopulate" button fetches the current HTTP history entries made available through Burp's Extender API and resets FindStuffer's history table based on said entries.

images/populate_and_sort.gif

FindStuffin'

For this demo's purposes, let's say you want to find the items meeting all of the following criteria:

  • Request made to the www.google.com host
  • (AND) HTTP response containing the Server header
  • (AND) The Server header's value is not gws

search demo

Note that:

  • The search bar's text changes to reflect the executed search.
  • The search is executed on both the headers and the body, that is, on anything that can be shown in the request & response editors.
  • It is possible to add as many fields as needed (theoretically).
  • This demo only showed AND-based aggregation. The radio buttons at the bottom of the search dialog allow you to choose between AND-based and OR-based query aggregation.
  • Changes made to a text field or a checkbox / radio button in the search dialog won't take effect if "OK" isn't used. Simply closing the search dialog will make the search dialog revert to its previous state (with the exception of keeping the added text fields).
  • An empty text field (with no whitespace) is ignored.

Installation

At the moment, you need to manually import a JAR into Burp from Extender → Extensions → Add. You can compile this code to create the JAR or you can use the one on this project's releases page.

Contributing

If you like the extension and the potential it has to be a practical tool you use often, you are very welcome to contribute to this repo. You can contribute either by giving feedback, requesting features, reporting bugs, or picking an idea from this README / from Github issues and making a pull request.

Dev & debug env setup

TODO : update this with more details if someone actually wants to dev

You need to add burp's JAR as an external library in your IDE's project, and then you use that main function I left in the BurpExtender class to launch Burp from inside the IDE. After that you'll be able to see the stacktraces, set breakpoints, etc.

Possible improvements

This section is about features that could be useful but are not yet planned for development in the near future. Features that are currently being worked on are in GitHub's issues.

Unclumsify UI code

Several Java Swing interfaces were not correctly used in this code, mainly due to my ignorance when it comes to UI and Java Swing. It is possible that the code is very clumsy and that it reimplemented stuff it shouldn't have. But it seemed easier to implement my own sorting / filtering than to learn Swing's seemingly complicated interface, especially in the beginning when I didn't know how to debug the extension in my IDE and didn't have access to any error messages, just failures.

It might be worth it to revisit these parts and make them more "standard" to make contributions easier.

Listeners

It would be nice if the extension registered a proxy or HTTP listener to refresh the table's entries automatically as new HTTP traffic is generated. This, however, must:

  • be thread-safe
  • take into account existing sorting and filtering
  • be memory-efficient

A clever implementation of this could take some serious amount of work.

Global negative search

Besides the negative query option available for each individual text field, implement the possibility of inverting the whole search. This is not really essential because the currently implemented filters already allow equivalent searches (De Morgan's laws). But still, it could be nice.
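To make the De Morgan point concrete, here is an added sketch (not FindStuffer's own code) that models the query semantics this README describes and rebuilds the tutorial's three-criteria search on a constructed history. Every name in it (`Item`, `TextQuery`, `Scope`, `search`, `negated`) is hypothetical, and it assumes that a message which has not been received yet simply never contains the text.

```kotlin
// Added illustration; every name here is hypothetical, not FindStuffer's own code.
enum class Scope { REQUEST, RESPONSE, BOTH, ANY }
data class Item(val request: String?, val response: String?) // null response: not received yet

data class TextQuery(val text: String, val scope: Scope = Scope.ANY,
                     val inverted: Boolean = false, val caseSensitive: Boolean = false) {
    // Null-safe containment: a missing message never contains the text.
    private fun hit(data: String?) = data?.contains(text, ignoreCase = !caseSensitive) ?: false

    fun matches(item: Item): Boolean {
        val found = when (scope) {
            Scope.REQUEST -> hit(item.request)
            Scope.RESPONSE -> hit(item.response)
            Scope.BOTH -> hit(item.request) && hit(item.response)
            Scope.ANY -> hit(item.request) || hit(item.response)
        }
        return found != inverted // inversion flips this query's result
    }
}

fun search(items: List<Item>, queries: List<TextQuery>, andBased: Boolean): List<Item> {
    val active = queries.filter { it.text.isNotEmpty() } // empty fields are ignored
    if (active.isEmpty()) return items
    return items.filter { i -> if (andBased) active.all { it.matches(i) } else active.any { it.matches(i) } }
}

// De Morgan: NOT(a AND b) == (NOT a) OR (NOT b); likewise with AND and OR swapped.
fun negated(queries: List<TextQuery>, andBased: Boolean): Pair<List<TextQuery>, Boolean> =
    queries.map { it.copy(inverted = !it.inverted) } to !andBased

fun main() {
    fun req(host: String) = "GET / HTTP/1.1\r\nHost: $host\r\n\r\n"
    fun resp(server: String) = "HTTP/1.1 200 OK\r\nServer: $server\r\n\r\n"
    // Constructed sample history; the last item has no response.
    val history = listOf(
        Item(req("www.google.com"), resp("gws")), Item(req("www.google.com"), resp("ESF")),
        Item(req("github.com"), resp("GitHub.com")), Item(req("www.google.com"), null)
    )
    val tutorial = listOf(
        TextQuery("Host: www.google.com", Scope.REQUEST),
        TextQuery("Server:", Scope.RESPONSE),
        TextQuery("Server: gws", Scope.RESPONSE, inverted = true)
    )
    val kept = search(history, tutorial, andBased = true)
    val (inv, invAnd) = negated(tutorial, andBased = true)
    val rest = search(history, inv, invAnd) // the global negation, built from existing options
    println("kept=${kept.size} rest=${rest.size}")
    check(kept.intersect(rest.toSet()).isEmpty() && kept.size + rest.size == history.size)
}
```

Flipping every checkbox and switching the aggregation mode yields exactly the complement of the original result set, which is why a dedicated global "invert" switch would be a convenience rather than new expressive power.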

Columns

Choose which columns can be displayed / hidden. Modify their order. Also add more types of columns (e.g. mime types).

Non-textual queries

This is not the aim of this extension, but might as well make it more practical.

Improve UI and UX

This is really not my area and I hate it. But my extension is indeed kinda ugly.

Comments
  • A query targeting a POST parameter did not work with the scope "request"

    A history item with the following request is visible in FindStuffer's history table :

    POST /login.php HTTP/1.1
    Host: somehost.com
    User-Agent: Mozilla/5.0
    Accept: */*
    Content-Length: 32
    Content-Type: application/x-www-form-urlencoded
    Connection: close
    
    username=qwertyui&password=hydra
    

    However, when the query "hydra" is applied over the request, this item did not return. Same thing happened for the ~1000 requests in the project that should've returned.

    This should be investigated and fixed.

    This was observed on Burp v2022.2.4 FindStuffer version v0.1.0-beta

    bug 
    opened by glamorous-noob 1
  • Add a "Clear Search" button

    Add a button in the search modal that resets the search modal to its state on startup, meaning only one empty search field with all checkboxes cleared and applied to "request or response" scope.

    Using the "Apply" or "OK" buttons will effectively clear the filters and apply this to the table rows. However, exiting the search modal through the top right "x" button, without clicking on "Apply" beforehand, shouldn't change anything. No filters should be cleared or changed in this case.

    enhancement waiting for release 
    opened by glamorous-noob 0
  • NullPointerException in rowMeetsCriteria when the response is null

    To reproduce :

    • Open Burp and leave the proxy interception turned on (so no responses are received)
    • Go to FindStuffer tab
    • Open the search modal and apply one query leaving the scope as "request or response"
    • NullPointerException happens

    Should adapt filters to deal with null responses (and requests out of caution).

    bug waiting for release 
    opened by glamorous-noob 0
  • Implement case sensitive searches

    Add a checkbox for every text query to turn on / off case sensitive searching.

    The UI part is the annoying part.

    Once the UI choice is translated in terms of a boolean value, it should simply be passed to the queryInData function which will pass it to indexOf instead of the hard-coded false here

    enhancement waiting for release 
    opened by glamorous-noob 0
  • Add an "Apply" button that executes the search without closing the modal

    If a user wants to test the effect of each added query in a multi-query search, they'd have to see the modal closed every time they click on OK, and they'd have to open it again.

    Adding an "Apply" button that applies the current chosen queries without closing the modal will improve user experience.

    enhancement good first issue waiting for release 
    opened by glamorous-noob 0
  • Add the possibility of applying queries on the scope only

    Check if Burp's Extender API provides a simple predicate for checking whether something is in the scope or not. If it doesn't, search for alternative simple solutions.

    enhancement 
    opened by glamorous-noob 0
  • Investigate the possibility of saving a query for later use

    For starters, is there a Burp Extender API allowing to save user data to the project ? If so then it's a matter of handling the already used QueryObjects with said API.

    If not, then it will need more work.

    enhancement 
    opened by glamorous-noob 1
  • Allow the removal of the first text field

    In the title. Maybe do this by adding one extra top layer in the gross matryoshka border layout solution. Like a root component that holds the rest of the search fields, but is not one itself.

    enhancement 
    opened by glamorous-noob 0
  • Make the search modal's starting position in the center of Burp's main window

    Either by modifying the search modal's attributes during creation, or by dynamically setting the coordinates later, it would be good if the modal appeared in the center of the burp window, instead of the top left screen corner.

    enhancement help wanted 
    opened by glamorous-noob 1
Releases(1.0.0)
  • 1.0.0(Apr 10, 2022)

  • v0.0.1-beta(Apr 2, 2022)

    This release has the implementation of these basic features:

    • Applying an arbitrary number of text queries to a search operation
    • Defining a scope for each text query (request, response, request && response, request || response)
    • Inverting a text query
    • Aggregating text queries using a Boolean And logic
    • Aggregating text query using a Boolean Or logic
Owner
Raphaël Akladios
Their Glamorous Noobness (TGN for short) goes by glamorous_noob. Pentester and a wannabe Reverse Engineer. This is a personal (non-professional) account.