ramkumareinstein/BurpExtenderDevelopmentSeries

 
 

Burp Extension Development Series

Guide for Noobs and few curious folks ¯\_(ツ)_/¯ 😄

This repo is a series of handouts focused on developing Burp Suite extensions using IntelliJ and the Java interfaces. When I first started to create extensions for Burp Suite, it was a pain to figure out where to start, and even finding straightforward, sequential resources online was difficult.

Burp Suite plugin development is pretty simple; there just aren't many resources online that walk through developing such plugins from scratch.

The code presented in the series has been tested with:

| Tool        | Version   |
|-------------|-----------|
| java        | 11.0.6    |
| Burp CE     | v2.1.02   |
| IntelliJ UE | v2019.3.4 |

Prerequisite

Table of Contents

  1. What is Burp Extender?
    1. What is Burp Extender?
    2. What are Burp API Extender interfaces?
    3. Setup Dev Environment using IntelliJ
    4. Code
  2. Creating a Hello World Extender
    1. Setting up Extender Development Environment
    2. Hello Burp
    3. Understanding Hello Burp
    4. Code
  3. Deep Dive into Extender API Interface
    1. Helper Interface
    2. Simple URL Encoder
    3. Interface Registration
    4. Listen for events from Proxy
    5. Code
  4. Understanding a use case: Intruder Payload processing
    1. Code
  5. Burp Suite Extension - Event Listeners
    1. Code
  6. Burp Suite Extension - Custom Session Tokens
    1. Create a Macro
    2. Create Extender Plugin to consume Macro
    3. Link Burp Macro and Session Handling Plugin together
    4. Code
  7. Burp Suite Extension - Create HTTP Proxy plugin Example : JWT token on the Go
    1. tl;dr
    2. Step 1 : Implement IMessageEditorTab Interface
    3. JWT decode function
    4. Code
  8. Burp Suite Extension - Create a Separate tab plugin : JWT Encode/Decode
    1. tl;dr
    2. Creating new tab in Burp
    3. Creating UI for the tab
    4. Completing the ITab Burp Extender plugin
  9. Next steps: Explore different plugins @ Burp official site

This series is aimed at those interested in security research and bug hunting, security engineers, etc. The main requirement for getting the most out of this series is that the reader can understand code written in Java.

Burp lets you write extensions in Java, Jython, and JRuby. The easiest of these is Java. I also prefer to write them in Java over the alternatives because of the community support for Java and related tools compared to Jython or JRuby. Writing the same solutions in Jython or JRuby won't be tricky, since the extension interfaces expose similar functionality; it just requires the environment (dev and runtime) to support those languages.

This is intentionally not written as a blog post; it is kept on GitHub to attract support from the community, from professionals working in similar domains, and from their expertise.
