As part of my research and talk titled "Augmented Reality in your web proxy" presented during the HackPra AllStars program / OWASP AppSec EU 2013 security conference in Hamburg, I decided to release a new Burp Pro extension which integrates Crawljax, Selenium and JUnit.
BurpCSJ extension in action:
I decided to take this approach to increase application spidering coverage (especially for Ajax web apps), speed up complex test-cases and take advantage of the Burp Extender API.
- BurpCSJ extension JAR - download (all dependencies included)
- BurpCSJ source code - github
- "Augmented Reality in your web proxy" - presentation (slideshare)
- Download BurpCSJ;
- Load BurpCSJ extension jar via the Extender tab;
- Choose the URL item from any Burp tab (e.g. target, proxy history, repeater);
- Right click on the URL item;
- Choose menu item "Send URL to Crawljax";
- Crawljax will automatically start crawling the URL that you choose.
Beautiful, great work!
I follow you with great fascinated interest on Twitter and in all your conferences.
Attempting to load extension within burp suite on OSX is generating an error. (java.lang.UnsupportedClassVersionError: burp/BurpExtender : Unsupported major.minor version 51.0)
From what I can tell it is forcing a specific JDK (Java 7?). This will not load with a standard Java installation on OSX and requires updating to a somewhat unsupported Java 7. Can anything be done for compatibility for OSX users?
Hey, thanks for the feedback. I have not tested BurpCSJ on OSX so not sure what exactly could be the issue. Feel free to create a ticket on github: https://github.com/malerisch/burp-csj/issues with full stack trace so I can try to understand why it fails. Thanks.
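The 51.0 in the UnsupportedClassVersionError quoted in this thread is the class-file major.minor version, and major 51 corresponds to Java 7. As an added example (not part of the original post, the comments, or the BurpCSJ source), the Python script below reads that version from every class in a JAR, so the runtime an extension needs can be checked before loading it; the sample JAR and its lib/Dependency.class entry are constructed for illustration.

```python
import io
import struct
import zipfile

# Class-file major version -> Java release
MAJOR_TO_JAVA = {45: "1.1", 46: "1.2", 47: "1.3", 48: "1.4",
                 49: "5", 50: "6", 51: "7", 52: "8"}

def class_version(header):
    """Parse (major, minor) from the first 8 bytes of a .class file."""
    if len(header) < 8:
        raise ValueError("truncated class file")
    magic, minor, major = struct.unpack(">IHH", header[:8])
    if magic != 0xCAFEBABE:
        raise ValueError("bad magic, not a class file")
    return major, minor

def jar_versions(jar):
    """Group the .class entries of a JAR (path or file object) by version."""
    found = {}
    with zipfile.ZipFile(jar) as zf:
        for name in zf.namelist():
            if name.endswith(".class"):
                with zf.open(name) as fh:
                    try:
                        version = class_version(fh.read(8))
                    except ValueError:
                        continue  # not a real class file, ignore it
                found.setdefault(version, []).append(name)
    return found

def minimum_java(jar):
    """Oldest Java release able to load every class in the JAR, or None."""
    versions = jar_versions(jar)
    if not versions:
        return None
    major = max(v[0] for v in versions)
    return MAJOR_TO_JAVA.get(major, "newer than 8 (major %d)" % major)

def constructed_jar():
    """Constructed sample: header-only classes, not the real BurpCSJ JAR."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("burp/BurpExtender.class", struct.pack(">IHH", 0xCAFEBABE, 0, 51))
        zf.writestr("lib/Dependency.class", struct.pack(">IHH", 0xCAFEBABE, 0, 50))
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    print(minimum_java(constructed_jar()))
```

Passing a file path instead of the constructed buffer runs the same check against a downloaded extension JAR.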
Great work Roberto, can I also join your fan club? :)
I heard Italian hackers are the best at getting those little black boxes.