Thursday, December 20, 2012

v1.5.03

This release fixes a number of bugs affecting the new extensibility:
  • Extensions are now automatically reloaded on startup when Burp is running in headless mode.
  • A bug introduced in v1.5.02 where Burp won't load a new Python extension unless the JRuby JAR file has been configured, has been fixed.
  • An exception that occurred when adding custom scan issues asynchronously (using IBurpExtenderCallbacks.addScanIssue()) has been fixed.
  • A bug where all custom scan issues were reported in the UI with High severity has been fixed.
  • When an IProxyListener sets one of the XXX_AND_REHOOK intercept actions, when the subsequent call to the listener occurs, the intercept action returned from IInterceptedProxyMessage.getInterceptAction() will now be the same value that was previously set (rather than defaulting back to ACTION_FOLLOW_RULES). This enables extensions to more easily re-identify messages that are being rehooked.
MD5: 98ca55bff9a3572cd86cc0c252a2916e
SHA256: b2db3585ae986ac8eed21aa0cd1b0f96efe70a181c6181286986f2d4dbda619f

Wednesday, December 19, 2012

v1.5.02

This release adds native support for Burp extensions written in Ruby. To use this feature, you'll need to download JRuby, and either configure the location of the JRuby JAR file within the Extender options, or load the JRuby JAR file on startup via the Java classpath.

The code for the following sample extensions has been updated to include versions written in Ruby, which you can use as a template for your own extensions if you wish:
[As with the Python examples, I'm new to Ruby, so apologies if the code isn't to your taste.]

This is still a beta release, pending feedback about the new extensibility framework.

MD5: f5c87fba7aa0c7c738bf2f91e7a4d0a5
SHA256: e36b591d1c2847f6c489b9aa91c8c28bc3ee3925371a868122ed328c95bdb6bf

Monday, December 10, 2012

v1.5.01

Burp has a new extensibility framework. Key features include:
  • Ability to use multiple extensions simultaneously.
  • Dynamic loading and unloading of extensions.
  • Much richer API.
  • Support for Python.
  • Easier extension development for non-programmers.
Read more:
Note that due to the extensive changes that have occurred under the hood, this is a beta release. Also, the draft new API is subject to change in the next release of Burp, based on user feedback.

MD5: 977ce9f6379df0c4d49e49fcb0b631c6
SHA256: d39ae5d2be9c0f6a628d231845da30d4e93628cf740ddc92da7fea8fb65d96ab