Part I: Introduction to Burp Extender

July 30, 2018 Prakhar Prasad 2 minutes

    Burp Extender provides necessary extensibility required for creation and execution of Burp Suite extensions. The Extender tab exposes all APIs required for development of custom extensions in the form of Java Interfaces.

    Extender tab showing Burp Extender API

    Java Interfaces

    Before we actually dive deeper; it may make sense for some of the readers to understand about Java Interfaces and the its functionality. Java Interfaces are similar to classes but differ in the way that they only contain method declarations (signatures) and fields.

    Example:

    public interface Animal {
        void eat();
        void move(int x, int y);
    }
    

    Animal is the name of the interface and eat(); and move(int x, int y); are two method declarations of Animal

    An interface can never be instantiated on their own; a class needs to implement an interface and then subsequently override the methods of the interface.

    Extending the previous example, we can create a class Dog and implement the interface Animal in it and override the methods:

    public class Dog implements Animal {
    
        @Override
        public void eat() {
            System.out.println("The dog is eating!");   
        }
    
        @Override
        public void move(int x, int y) {
            System.out.println("The Dog is moving:  " + x + "," + y);
        }
    }
    

    Burp Extender APIs operate in a similar fashion; they expose a lot of interfaces which in turn contains many functional declarations in it. We can implement those in our own classes and utilise the functionality provided by them during the runtime.

    Burp Extender Interfaces

    All Burp Extender API interfaces are prefixed with I e.g IHTTPListener. They are named use-case wise, like:

    • IHTTPListener - Extensions can perform custom analysis or modification of these messages by registering an HTTP listener.
    • IIntruderPayloadProcessor - This interface is used for custom Intruder payload generators.
    • IParameter - This interface is used to hold details about an HTTP request parameter.

    The entire list of Burp Extender Interfaces can be checked here.