Burp Extension to capture, modify and forward HTTp packets

1.7k views Asked by At

I am trying to write a simple burp extension to capture a HTTP packet, modify it and forward it to the server. I need to do this for some security testing. I started with a code to just print the received packet. Attaching the code below, which i got from various Burp tutorials. I configured Eclipse my proxy to localhost and then ran this code. The code runs fine, Burp opens up correctly and also intercepts the packet but I cant see anything on my IDE console. Please help me out, as I am pretty new to Burp and couldn't understand much from the help available online.

package burp;

public class BurpExtender2 implements IBurpExtender, IHttpListener, IProxyListener
{

private IBurpExtenderCallbacks callbacks;


public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks)
{

    helpers = callbacks.getHelpers();
    callbacks.registerHttpListener(this);
}


public void processHttpMessage(int toolFlag, boolean messageIsRequest,                                          IHttpRequestResponse messageInfo)
{
    System.out.println(
            (messageIsRequest ? "HTTP request to " : "HTTP response from ") +
            messageInfo.getHttpService() +
            " [" + callbacks.getToolName(toolFlag) + "]");
}

public void processProxyMessage(boolean messageIsRequest, IInterceptedProxyMessage message)
{
      System.out.println(message);

 }
}

I just want to know how i can get the intercepted packet in my Code and then forward it.

1

There are 1 answers

1
dfdumaresq On

I wonder why you're trying to write a Burp extension to capture packets. Wouldn't you use a sniffer for that?

Anyway, thanks to your code, I was able to get myself started writing extensions. Here's what I found with your method processHttpMessage

" [" + callbacks.getToolName(toolFlag) + "]"

Something is buggy here, possibly in the Burp Suite (1.5.16); I couldn't manage to get getToolName to print anything even with a hardcoded int, and it's not possible to put a debugger on Burp, so I gave up.

System.out.println( (messageIsRequest ? "HTTP request to " : "HTTP response from ") + messageInfo.getHttpService());

System.out.println(" [callbacks.getToolName(toolFlag)] = "); System.out.println(callbacks.getToolName(toolFlag));

Anyway, this will print to the console, but you won't see any value for toolFlag.