At White Oak Security, we do a variety of engagement types. Previously, we’ve written several posts on some of the tools we use, including Burp Suite. To take full advantage of the Burp Suite platform, this post will review some of the super useful BApp Store plugins that are freely available.
The plugins we will cover in this post are PDF Viewer, Wsdler, ExifTool Scanning, Logger++, and InQL.
PDF Viewer adds an additional tab to the HTTP message viewer to allow for the rendering of PDF files within the Response view. I tend to make use of this when I have discovered JavaScript injection within a PDF file; I can then quickly render the PDF without having to download the file and open it with a native application.
Here is an example of utilizing the PDF Viewer extension within the Repeater tab. Prior to using the PDF viewer, an HTTP response loading a PDF file will look like the following screenshot.
After selecting “PDF” from the drop-down menu – the PDF will be rendered within the HTTP response, like below.
Wsdler takes a WSDL request, parses out the operations that are associated with the targeted web server, and generates SOAP requests that can be sent to the SOAP endpoints. I’ve used this extension many times to quickly parse the WSDL files and start utilizing the SOAP requests Burp Suite generates.
Navigate to a WSDL file. Example of an HTTP response with a WSDL file below:
Within Burp Suite, right-click the HTTP request, select Extensions, select Wsdler, and then select Parse WSDL (shown below).
Burp Suite then parses the WSDL file and populates the Wsdler tab with the SOAP requests (see screenshot below).
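To make the parse step concrete, here is an added example (my own code, not Wsdler’s) that does in Python what the extension does for you: it reads a WSDL, collects each portType operation with its input message parts and SOAPAction, and renders a raw HTTP POST with a SOAP 1.1 envelope that could be pasted straight into Repeater. The WSDL, the service namespace `http://example.test/orders` and the endpoint `http://example.test/soap` are constructed for the example; placeholder values per XSD type are my own choice.

```python
# Added example (not Wsdler's own code): parse a constructed WSDL and emit
# SOAP request templates the way the Wsdler extension does.
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

WSDL_NS = "http://schemas.xmlsoap.org/wsdl/"
SOAP_NS = "http://schemas.xmlsoap.org/wsdl/soap/"
SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"
ET.register_namespace("soapenv", SOAP_ENV)

# Constructed sample WSDL for a hypothetical order service (rpc style, two operations).
SAMPLE_WSDL = """<definitions xmlns="http://schemas.xmlsoap.org/wsdl/"
  xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
  xmlns:xsd="http://www.w3.org/2001/XMLSchema"
  xmlns:tns="http://example.test/orders" targetNamespace="http://example.test/orders">
  <message name="GetOrderRequest"><part name="orderId" type="xsd:int"/></message>
  <message name="GetOrderResponse"><part name="order" type="xsd:string"/></message>
  <message name="CancelOrderRequest">
    <part name="orderId" type="xsd:int"/><part name="reason" type="xsd:string"/>
  </message>
  <message name="CancelOrderResponse"><part name="ok" type="xsd:boolean"/></message>
  <portType name="OrderPort">
    <operation name="GetOrder">
      <input message="tns:GetOrderRequest"/><output message="tns:GetOrderResponse"/>
    </operation>
    <operation name="CancelOrder">
      <input message="tns:CancelOrderRequest"/><output message="tns:CancelOrderResponse"/>
    </operation>
  </portType>
  <binding name="OrderBinding" type="tns:OrderPort">
    <soap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http"/>
    <operation name="GetOrder"><soap:operation soapAction="http://example.test/orders/GetOrder"/></operation>
    <operation name="CancelOrder"><soap:operation soapAction="http://example.test/orders/CancelOrder"/></operation>
  </binding>
  <service name="OrderService">
    <port name="OrderPort" binding="tns:OrderBinding"><soap:address location="http://example.test/soap"/></port>
  </service>
</definitions>"""

# Placeholder values per XSD type so the template is well-formed and easy to edit by hand.
PLACEHOLDERS = {"int": "0", "integer": "0", "long": "0", "decimal": "0.0", "double": "0.0",
                "float": "0.0", "boolean": "false", "dateTime": "2024-01-01T00:00:00"}


def placeholder(xsd_type):
    return PLACEHOLDERS.get(xsd_type.split(":")[-1], "?")


def parse_wsdl(text):
    """Return one dict per portType operation: name, input parts, SOAPAction and endpoint."""
    root = ET.fromstring(text)
    tns = root.get("targetNamespace", "")
    messages = {}
    for msg in root.findall(f"{{{WSDL_NS}}}message"):
        messages[msg.get("name")] = [
            (p.get("name"), p.get("type") or p.get("element") or "xsd:string")
            for p in msg.findall(f"{{{WSDL_NS}}}part")]
    actions = {}  # operation name -> SOAPAction header value, taken from the binding
    for op in root.iterfind(f"{{{WSDL_NS}}}binding/{{{WSDL_NS}}}operation"):
        soap_op = op.find(f"{{{SOAP_NS}}}operation")
        if soap_op is not None:
            actions[op.get("name")] = soap_op.get("soapAction", "")
    addr = root.find(f".//{{{SOAP_NS}}}address")
    location = addr.get("location", "") if addr is not None else ""
    ops = []
    for op in root.iterfind(f"{{{WSDL_NS}}}portType/{{{WSDL_NS}}}operation"):
        inp = op.find(f"{{{WSDL_NS}}}input")
        msg_ref = (inp.get("message", "") if inp is not None else "").split(":")[-1]
        ops.append({"name": op.get("name"), "namespace": tns,
                    "parts": messages.get(msg_ref, []),
                    "soapAction": actions.get(op.get("name"), ""),
                    "location": location})
    return ops


def build_envelope(op):
    """Build a SOAP 1.1 envelope for the operation, one child element per input part."""
    env = ET.Element(f"{{{SOAP_ENV}}}Envelope")
    ET.SubElement(env, f"{{{SOAP_ENV}}}Header")
    body = ET.SubElement(env, f"{{{SOAP_ENV}}}Body")
    call = ET.SubElement(body, f"{{{op['namespace']}}}{op['name']}")
    for part_name, xsd_type in op["parts"]:
        ET.SubElement(call, part_name).text = placeholder(xsd_type)
    return ET.tostring(env, encoding="unicode")


def build_http_request(op):
    """Render the raw HTTP POST that can be pasted into Repeater."""
    url = urlparse(op["location"])
    body = '<?xml version="1.0" encoding="utf-8"?>' + build_envelope(op)
    return "\r\n".join([
        f"POST {url.path or '/'} HTTP/1.1",
        f"Host: {url.netloc}",
        "Content-Type: text/xml; charset=utf-8",
        f'SOAPAction: "{op["soapAction"]}"',
        f"Content-Length: {len(body.encode())}",
        "", body])


if __name__ == "__main__":
    for operation in parse_wsdl(SAMPLE_WSDL):
        print(build_http_request(operation), end="\n\n")
```

The script only handles the rpc-style, single-binding case of the sample; document/literal WSDLs reference XSD elements instead of parts, which Wsdler resolves for you and this example deliberately does not.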
The ExifTool Scanning extension reads metadata from various file types utilizing ExifTool. These files include JPEG, PNG, PDF, DOC, XLS, etc. Details from the metadata could include information useful to an attacker – file creation date, author (usernames), and the application version used to create the file.
When performing a passive scan of a host, if Burp Suite comes across a filetype extension that ExifTool can scan, it will create an “Information” finding within the issues tab of the host. Here is an example result for a PDF file that was scanned.
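The two PDF-related extensions above surface different things from the same file: PDF Viewer lets you see whether a script fires when the document renders, and ExifTool Scanning reports the author, producer and creation date fields. As an added example (my own code, not part of either extension or of ExifTool), the inspector below pulls both out of a PDF byte string with plain regular expressions, so you can see what those findings are built from and run the same check over documents your own application serves. The PDF is constructed inline and deliberately minimal (no xref table, not meant to open in a viewer); the author name `jdoe` and the producer string are made up.

```python
# Added example (not from PDF Viewer, ExifTool Scanning or ExifTool): extract
# document metadata and embedded JavaScript actions from a PDF byte string.
import re

# Constructed sample PDF: an /OpenAction pointing at a JavaScript action plus an
# /Info dictionary. Minimal on purpose (no xref), so parsing works but a viewer won't.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >>
endobj
4 0 obj
<< /S /JavaScript /JS (app.alert\\('constructed sample'\\);) >>
endobj
5 0 obj
<< /Title (Quarterly report) /Author (jdoe) /Creator (Microsoft Word 16.0)
   /Producer (Example PDF Library 1.2.3) /CreationDate (D:20240105093000) >>
endobj
trailer
<< /Root 1 0 R /Info 5 0 R >>
%%EOF
"""

# A PDF literal string "( ... )" with backslash escapes. Simplification: nested
# unescaped parentheses and octal escapes are not handled.
LITERAL = rb"\(((?:\\.|[^\\)])*)\)"
KEY_VALUE = re.compile(rb"/(\w+)\s*" + LITERAL)   # /Key (value) pairs in a dictionary
JS_STRING = re.compile(rb"/JS\s*" + LITERAL)       # inline JavaScript action source


def _unescape(raw):
    """Drop PDF backslash escapes such as \\( and \\) and decode as Latin-1."""
    return re.sub(rb"\\(.)", lambda m: m.group(1), raw).decode("latin-1")


def _object_body(data, num, gen):
    """Return the dictionary body of 'num gen obj << ... >> endobj' (flat dicts only)."""
    pattern = rb"(?<!\d)" + f"{num} {gen} obj".encode() + rb"\s*<<(.*?)>>\s*endobj"
    m = re.search(pattern, data, re.S)
    return m.group(1) if m else b""


def parse_pdf_date(raw):
    """Normalise a PDF date (D:YYYYMMDDHHmmSS) to ISO 8601; unknown formats pass through."""
    m = re.match(r"D:(\d{4})(\d{2})(\d{2})(\d{2})?(\d{2})?(\d{2})?", raw)
    if not m:
        return raw
    y, mo, d, h, mi, s = m.groups()
    return f"{y}-{mo}-{d}T{h or '00'}:{mi or '00'}:{s or '00'}"


def inspect_pdf(data):
    """Return metadata, inline JavaScript and a list of human-readable findings."""
    result = {"metadata": {}, "javascript": [], "findings": []}
    # Locate the /Info dictionary through the trailer reference and read its string values.
    info = re.search(rb"/Info\s+(\d+)\s+(\d+)\s+R", data)
    if info:
        body = _object_body(data, int(info.group(1)), int(info.group(2)))
        for key, value in KEY_VALUE.findall(body):
            result["metadata"][key.decode()] = _unescape(value)
    for key in ("CreationDate", "ModDate"):
        if key in result["metadata"]:
            result["metadata"][key] = parse_pdf_date(result["metadata"][key])
    # Inline /JS strings; scripts stored in streams (possibly compressed) would need a real parser.
    result["javascript"] = [_unescape(js) for js in JS_STRING.findall(data)]
    if b"/JavaScript" in data or result["javascript"]:
        result["findings"].append("embedded JavaScript action: render in an isolated viewer and review the script")
    for key in ("Author", "Creator", "Producer"):
        if key in result["metadata"]:
            result["findings"].append(f"{key} metadata exposed: {result['metadata'][key]}")
    return result


if __name__ == "__main__":
    report = inspect_pdf(SAMPLE_PDF)
    for finding in report["findings"]:
        print("-", finding)
    print(report["metadata"])
```

Encrypted PDFs and scripts tucked into compressed object streams defeat these patterns, which is exactly why ExifTool and a rendering viewer are the tools of record; the example is for understanding the findings, not replacing them.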
“Logger++ is a multithreaded logging extension for Burp Suite. In addition to logging requests and responses from all Burp Suite tools, the extension allows advanced filters to be defined to highlight interesting entries or filter logs to only those which match the filter.” I have run into multiple situations where clients have requested that all requests being sent to the application be logged. This extension has a multitude of options and configurations that can be fine-tuned to your needs. Here is a screenshot of the options section of Logger++.
The InQL plugin is utilized to facilitate GraphQL security auditing efforts. The InQL extension can quickly discover exposed GraphQL development consoles, discover known GraphQL URL paths, quickly generate documentation for available GraphQL entities, and many other options. I don’t have an example screenshot on hand, but if you identify an application utilizing GraphQL, be sure to load the InQL extension to do some further digging.
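“Generating documentation for available GraphQL entities” means turning the server’s introspection response into a readable listing of queries and mutations, their arguments and return types, plus a ready-made query for each. The added example below (my own code, not InQL’s) does that over an introspection response constructed inline; InQL obtains the real thing by sending the standard introspection query to the endpoint. The `Query`, `Mutation` and `User` types and the `deleteUser` operation are invented for the sample. The same listing is useful on the defending side: run it against your own schema to review what an introspection-enabled production endpoint hands out.

```python
# Added example (not InQL's own code): summarise a GraphQL introspection
# response and build a query template per root operation.


def _scalar(name, non_null=False):
    """Helper for the constructed sample: a SCALAR type reference, optionally NON_NULL."""
    t = {"kind": "SCALAR", "name": name, "ofType": None}
    return {"kind": "NON_NULL", "name": None, "ofType": t} if non_null else t


# Constructed introspection response in the shape of the __schema result (types trimmed).
SAMPLE_INTROSPECTION = {"data": {"__schema": {
    "queryType": {"name": "Query"}, "mutationType": {"name": "Mutation"},
    "types": [
        {"kind": "OBJECT", "name": "Query", "fields": [
            {"name": "user", "args": [{"name": "id", "type": _scalar("ID", True)}],
             "type": {"kind": "OBJECT", "name": "User", "ofType": None}},
            {"name": "users", "args": [],
             "type": {"kind": "LIST", "name": None,
                      "ofType": {"kind": "OBJECT", "name": "User", "ofType": None}}}]},
        {"kind": "OBJECT", "name": "Mutation", "fields": [
            {"name": "deleteUser", "args": [{"name": "id", "type": _scalar("ID", True)}],
             "type": _scalar("Boolean")}]},
        {"kind": "OBJECT", "name": "User", "fields": [
            {"name": "id", "args": [], "type": _scalar("ID", True)},
            {"name": "email", "args": [], "type": _scalar("String")},
            {"name": "role", "args": [], "type": {"kind": "ENUM", "name": "Role", "ofType": None}},
            {"name": "friends", "args": [],
             "type": {"kind": "LIST", "name": None,
                      "ofType": {"kind": "OBJECT", "name": "User", "ofType": None}}}]},
        {"kind": "ENUM", "name": "Role", "fields": None},
        {"kind": "SCALAR", "name": "ID", "fields": None},
        {"kind": "SCALAR", "name": "String", "fields": None},
        {"kind": "SCALAR", "name": "Boolean", "fields": None},
    ]}}}


def _named(t):
    """Walk NON_NULL / LIST wrappers down to the named type."""
    while t.get("ofType"):
        t = t["ofType"]
    return t["name"]


def _type_str(t):
    """Render a type reference in GraphQL syntax, e.g. [User!]!"""
    if t["kind"] == "NON_NULL":
        return _type_str(t["ofType"]) + "!"
    if t["kind"] == "LIST":
        return "[" + _type_str(t["ofType"]) + "]"
    return t["name"]


def _types(response):
    return {t["name"]: t for t in response["data"]["__schema"]["types"]}


def summarize(response):
    """One entry per root field: kind (query/mutation), name, args, return type."""
    schema = response["data"]["__schema"]
    types = _types(response)
    ops = []
    for kind, root in (("query", schema.get("queryType")), ("mutation", schema.get("mutationType"))):
        if not root:
            continue
        for field in types[root["name"]].get("fields") or []:
            ops.append({"kind": kind, "name": field["name"],
                        "args": [(a["name"], _type_str(a["type"])) for a in field.get("args", [])],
                        "returns": _type_str(field["type"]),
                        "returns_named": _named(field["type"])})
    return ops


def scalar_fields(response, type_name):
    """Scalar and enum fields of an object type: a safe default selection set."""
    types = _types(response)
    t = types.get(type_name)
    if not t or t["kind"] != "OBJECT":
        return []
    return [f["name"] for f in t["fields"]
            if types.get(_named(f["type"]), {}).get("kind") in ("SCALAR", "ENUM")]


def build_query(response, op):
    """Query template with variables for every argument and a scalar selection set."""
    var_defs = ", ".join(f"${n}: {t}" for n, t in op["args"])
    var_uses = ", ".join(f"{n}: ${n}" for n, _ in op["args"])
    head = f"{op['kind']} {op['name']}" + (f"({var_defs})" if var_defs else "")
    call = op["name"] + (f"({var_uses})" if var_uses else "")
    sel = scalar_fields(response, op["returns_named"])
    body = call + (" { " + " ".join(sel) + " }" if sel else "")
    return f"{head} {{ {body} }}"


def render_doc(response):
    """Plain-text documentation: one line per operation with its signature."""
    return "\n".join(
        f"{op['kind']} {op['name']}({', '.join(f'{n}: {t}' for n, t in op['args'])}) -> {op['returns']}"
        for op in summarize(response))


if __name__ == "__main__":
    print(render_doc(SAMPLE_INTROSPECTION))
    for operation in summarize(SAMPLE_INTROSPECTION):
        print(build_query(SAMPLE_INTROSPECTION, operation))
```

The selection set stops at scalar and enum fields on purpose: nested object fields (such as `friends` above) would make the generated query recurse, which is why tools generate them to a fixed depth.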
This was a quick overview of some freely available Burp Suite plugins that can assist with identification of vulnerabilities, logging output, and improving your Burp Suite experience. If you are looking for a quality security partner to help with any web application penetration testing, be sure to reach out through our White Oak Security contact page.
White Oak Security is a highly skilled and knowledgeable cyber security testing company that works hard to get into the minds of opponents to help protect those we serve from malicious threats through expertise, integrity, and passion.