Building BurpSuite Extensions

The first BurpSuite extension

Easy
15 min

Jython Installation

This module covers how to create your very first custom BurpSuite extension, a kind of "hello world" for BurpSuite extensions. We will build the extension in the Python programming language. BurpSuite is built with Java, so we need Jython, an implementation of Python that runs on the Java Virtual Machine and lets our Python code work with Burp's Java API.

Currently, Jython only supports Python 2, so it's important to remember that we cannot use Python 3 features when writing extensions.

Let's start by downloading the necessary Jython package here. The correct file is named jython-standalone-2.7.4.jar. Once you have downloaded this file, open the BurpSuite program and go to the Extensions window.

Select Extensions Settings and, in the Python environment section, set the location of the Jython JAR file you just downloaded.

After this, you can make sure that it works by trying to install the Autorize extension from Burp's extension catalog. This requires Jython to function. If you can install this, then everything is working as it should.

Installing Your Own Extension into the BurpSuite Environment

Next, let's create our own BurpSuite extension and install it into Burp. Create a new file and save the following Python code into it.

```python
from burp import IBurpExtender
from burp import IHttpListener

class BurpExtender(IBurpExtender, IHttpListener):
  # This function is called during installation
  def registerExtenderCallbacks(self, callbacks):
    # Create references to important classes, add more later
    self.callbacks = callbacks
    self.helpers = callbacks.getHelpers()

    # Set the extension name
    callbacks.setExtensionName("Hello World - plugin")
    # Register the HTTP listener functionality
    # Important for later
    callbacks.registerHttpListener(self)
    # Print to the extension's Output tab in Burp to confirm it loaded
    print("Hello World")

  # Required by IHttpListener: Burp calls this for every HTTP message
  # once the listener is registered. It does nothing yet.
  def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
    pass
```

Next, add the file by selecting Add from BurpSuite, choose Python in the Extension Type field, and select the extension file.

You have now installed your very own BurpSuite extension!

Understanding the Code

The course assumes a basic understanding of the Python programming language as well as the functioning of BurpSuite, so not all aspects of the code will be delved into extensively. However, it is important to understand the key aspects of the code:

  • registerExtenderCallbacks - Function called by the Burp program when the extension is installed.
  • setExtensionName - Function used to set the name of the extension, which will then be displayed in Burp.
  • registerHttpListener - Function that informs Burp that the extension wants to listen to/manipulate HTTP traffic. Important later in the course.

All key information about building BurpSuite extensions with these functions and interfaces can be found here: https://portswigger.net/burp/extender/api/burp/package-summary.html

This will be used and referred to a lot in this course. Therefore, it's worth familiarizing yourself with it.
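To show what registering an HTTP listener leads to, here is an added example (not part of the course's own code) of a listener whose processHttpMessage prints which of three response headers are missing from in-scope responses. The header list, the extension name and the missing_security_headers helper are assumptions made for illustration; the fallback classes in the import only allow the helper to be tested outside Burp.

```python
# Added example. Runs in Burp under Jython 2.7, so Python 2 syntax only.
try:
    from burp import IBurpExtender, IHttpListener
except ImportError:
    # Outside Burp: empty stand-ins so the helper below can be unit-tested
    class IBurpExtender(object):
        pass

    class IHttpListener(object):
        pass

# Illustrative selection of headers (an assumption, not taken from the course)
EXPECTED_HEADERS = ("content-security-policy",
                    "strict-transport-security",
                    "x-content-type-options")


def missing_security_headers(header_lines):
    """Return the expected headers absent from a list of raw header lines."""
    present = set()
    for line in header_lines[1:]:              # element 0 is the status line
        name, sep, _value = line.partition(":")
        if sep:
            present.add(name.strip().lower())  # header names are case-insensitive
    return [h for h in EXPECTED_HEADERS if h not in present]


class BurpExtender(IBurpExtender, IHttpListener):
    def registerExtenderCallbacks(self, callbacks):
        self.callbacks = callbacks
        self.helpers = callbacks.getHelpers()
        callbacks.setExtensionName("Header check - plugin")  # hypothetical name
        callbacks.registerHttpListener(self)

    # Burp calls this for every request and response handled by its tools
    def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
        if messageIsRequest:
            return                             # only responses carry these headers
        url = self.helpers.analyzeRequest(messageInfo).getUrl()
        if not self.callbacks.isInScope(url):
            return                             # ignore traffic outside the target scope
        info = self.helpers.analyzeResponse(messageInfo.getResponse())
        missing = missing_security_headers(list(info.getHeaders()))
        if missing:
            print("%s is missing: %s" % (url, ", ".join(missing)))
```

The printed lines appear in the extension's Output tab, the same place as the "Hello World" message.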

What is the description of the registerExtenderCallbacks function in BurpSuite's official documentation? - Search and copy the English description.
