Part I: Introduction to Burp Extender
Burp Extender provides the extensibility needed to create and run Burp Suite extensions. The Extender tab exposes all the APIs required to develop custom extensions, in the form of Java interfaces.
Extender tab showing Burp Extender API
Java Interfaces
Before we dive deeper, it may help some readers to understand Java interfaces and how they work. Java interfaces are similar to classes, but differ in that they contain only method declarations (signatures) and fields.
Example:
public interface Animal {
    void eat();
    void move(int x, int y);
}
Animal is the name of the interface, and eat(); and move(int x, int y); are two method declarations of Animal.
An interface can never be instantiated on its own; a class needs to implement the interface and then override its methods.
Extending the previous example, we can create a class Dog, implement the interface Animal in it, and override the methods:
public class Dog implements Animal {
    @Override
    public void eat() {
        System.out.println("The dog is eating!");
    }

    @Override
    public void move(int x, int y) {
        System.out.println("The Dog is moving: " + x + "," + y);
    }
}
Burp Extender APIs operate in a similar fashion: they expose many interfaces, each of which contains a number of method declarations. We can implement those interfaces in our own classes and use the functionality they provide at runtime.
Burp Extender Interfaces
All Burp Extender API interfaces are prefixed with I, e.g. IHttpListener. They are named according to their use case, for example:
IHttpListener - Extensions can perform custom analysis or modification of HTTP request and response messages by registering an HTTP listener.
IIntruderPayloadProcessor - This interface is used for custom Intruder payload generators.
IParameter - This interface is used to hold details about an HTTP request parameter.
The entire list of Burp Extender Interfaces can be checked here.
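As an added example (not code from the original article), here is how the implement-and-override pattern above looks with a real Burp interface: a read-only extension that implements IBurpExtender and IHttpListener (the API's own spelling of the listener interface) and logs responses that lack common security headers. The header list and extension name are assumptions chosen for illustration; the class compiles against the Burp Extender API interfaces in package burp.

```java
package burp;

import java.io.PrintWriter;
import java.util.List;
import java.util.Locale;

// Burp loads the public class named BurpExtender in package burp.
public class BurpExtender implements IBurpExtender, IHttpListener {
    // Headers to look for; this list is an assumption made for the example.
    private static final String[] EXPECTED = {
        "strict-transport-security", "content-security-policy", "x-content-type-options"
    };
    private IBurpExtenderCallbacks callbacks;
    private IExtensionHelpers helpers;
    private PrintWriter out;

    @Override
    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
        this.callbacks = callbacks;
        this.helpers = callbacks.getHelpers();
        this.out = new PrintWriter(callbacks.getStdout(), true);
        callbacks.setExtensionName("Missing security header logger (example)");
        callbacks.registerHttpListener(this); // Burp now calls processHttpMessage()
    }

    @Override
    public void processHttpMessage(int toolFlag, boolean messageIsRequest,
                                   IHttpRequestResponse messageInfo) {
        if (messageIsRequest || messageInfo.getResponse() == null) {
            return; // only responses carry the headers inspected here
        }
        List<String> headers = helpers.analyzeResponse(messageInfo.getResponse()).getHeaders();
        StringBuilder missing = new StringBuilder();
        for (String name : EXPECTED) {
            boolean present = false;
            for (String h : headers) { // header names are case-insensitive
                if (h.toLowerCase(Locale.ROOT).startsWith(name + ":")) { present = true; break; }
            }
            if (!present) missing.append(' ').append(name);
        }
        if (missing.length() > 0) { // message is logged, never modified
            out.println("[" + callbacks.getToolName(toolFlag) + "] "
                + helpers.analyzeRequest(messageInfo).getUrl() + " missing:" + missing);
        }
    }
}
```

Once the compiled class is loaded through the Extender tab, the findings appear in the extension's output pane.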