Protobuf parsing support in Burp Suite

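Today I took a quick look at Burp Suite's support for protobuf and compared the official protobuf plugin with NCC Group's plugin. I found that the NCC plugin project is the more active one, so I went with NCC's.

Reference documentation: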

https://github.com/nccgroup/blackboxprotobuf/tree/master/burp

Installation

  1. If Burp Suite is not already installed, download it from https://portswigger.net/burp/.
  2. Download/Install Jython 2.7+ and configure Burp with the location. See https://portswigger.net/burp/documentation/desktop/extensions/installing-extensions
  3. Clone this repository and then run git submodule update --init to install dependencies.
  4. Within Burp, navigate to Extender -> Extensions and select "Add".
  5. Set "Extension Type" to Python and select the extender.py file in the git repository.
  6. Click Next and the extension should load.
  7. Note: gRPC is supported, but you'll have to enable Burp's HTTP/2 support (under Project Options->HTTP). Also, currently only uncompressed gRPC payloads are supported. If the first byte of the payload is not 0x00, it's compressed and you'll have to modify the en/decoding code to account for that.

The documentation for step 2, in brief:

Installing Jython or JRuby

You need to install Jython or JRuby if you see a Download Jython or Download JRuby button next to the extension in the BApp Store. This enables extensions written in Python or Ruby to interact with Burp's legacy, Java-based Extender API.

To install Jython or JRuby:

  1. Click the Download Jython or Download JRuby button.
  2. Download the standalone JAR version of Jython or JRuby.
  3. In Burp Suite, go to Extensions > Options.
  4. Under Python Environment or Ruby Environment, click Select file.
  5. Select the JAR file and click Open.
  6. Go to Extensions > BApp Store. Notice that the Install button is now available for your extension.

The result looks like this:

       

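Because protobuf identifies fields only by number, the fields are shown here as numbers. Editing the fields should also be supported; I haven't tried that yet and will test it later when I need it. (However, it doesn't seem to support uploading your own .proto file for parsing.)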
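The two wire-level points above (step 7's 0x00 first byte marking an uncompressed gRPC payload, and protobuf identifying fields only by number) can be seen in a stand-alone Python 3 sketch. This is an added example, not code from the blackboxprotobuf extension; the function names and the SAMPLE bytes are constructed here, and it assumes the standard gRPC framing of a 1-byte compressed flag followed by a 4-byte big-endian length.

```python
import struct

def read_varint(buf, pos):
    """Read a base-128 varint; return (value, next_position)."""
    value = shift = 0
    while pos < len(buf) and shift < 70:  # a varint is at most 10 bytes
        byte, pos = buf[pos], pos + 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7
    raise ValueError("truncated or overlong varint")

def decode_fields(msg):
    """Schema-less decode into (field_number, wire_type, value) tuples."""
    fields, pos = [], 0
    while pos < len(msg):
        key, pos = read_varint(msg, pos)
        number, wire_type = key >> 3, key & 7
        if wire_type == 0:  # varint
            value, pos = read_varint(msg, pos)
        elif wire_type in (1, 2, 5):
            size = {1: 8, 5: 4}.get(wire_type)  # fixed widths; None = length-delimited
            if size is None:
                size, pos = read_varint(msg, pos)
            value, pos = msg[pos:pos + size], pos + size
        else:
            raise ValueError("unsupported wire type %d" % wire_type)
        if pos > len(msg):
            raise ValueError("field %d runs past end of message" % number)
        fields.append((number, wire_type, value))
    return fields

def decode_grpc_body(body):
    """Walk gRPC frames; decode uncompressed ones, report None for compressed ones."""
    frames, pos = [], 0
    while pos < len(body):
        if len(body) - pos < 5:
            raise ValueError("truncated gRPC frame header")
        flag, length = struct.unpack_from(">BI", body, pos)
        message = body[pos + 5:pos + 5 + length]
        if len(message) < length:
            raise ValueError("truncated gRPC message")
        # First byte 0x00 = uncompressed; anything else must be decompressed first.
        frames.append((flag, decode_fields(message) if flag == 0 else None))
        pos += 5 + length
    return frames

# Constructed sample: one uncompressed frame holding field 1 = 150, field 2 = "testing".
SAMPLE = b"\x00\x00\x00\x00\x0c" + b"\x08\x96\x01" + b"\x12\x07testing"
```

Without a .proto file the decoder can only report field numbers and wire types, which is why the extension's view shows numbers instead of field names.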

 

 

     

posted @ 2022-12-25 11:13  saaspeter