Deep Dive: Burp Extender API Interfaces
In this lesson, we will cover the Extender API interfaces and their use cases.
We'll cover the following
Helper Interface
In the last lesson on the Hello World extension, we used the callback object’s methods twice to set the name of the extension and display a message on the “Alert” tab. The Callback
interface is very helpful because it offers plenty of other resources as instance objects.
One of the most important methods shared by callbacks is getHelpers()
. This method returns an object of IExtensionHelperstype
which, as the name suggests, helps make boring tasks easier. The object contains multiple methods such as:
analyzeRequest()
: This method can be used to analyze an HTTP request and obtain various key details about it.analyzeResponse()
: This method can be used to analyze an HTTP response and obtain various key details about it.base64Encode()
: This method can be used to Base64-encode the specified data.base64Decode()
: This method can be used to decode Base64-encoded data.urlDecode()
: This method can be used to URL-decode specified data.urlEncode()
: This method can be used to URL-encode specified data.
The full list of extension helpers can be found on Portswigger’s official website.
Simple URL encoder
Let’s create a very simple static URL encoder with the process we have learned. We will use the same process to create a base class that will receive an IBurpExtenderInterface
as a callback object. This will be used to get a helper instance and, eventually, create an encoded string for the static URL and be used to display encoded text in the “Alerts” tab. The code is pretty straightforward.
Get hands-on with 1400+ tech skills courses.