今天粗略看了burpsuit对protobuf的支持情况,对比了官方的protobuf插件和NCCGroup的插件,发现NCC的插件项目较为活跃,所以采用NCC的。
参考文档地址:
https://github.com/nccgroup/blackboxprotobuf/tree/master/burp
Installation
- If Burp Suite is not already installed, download it from https://portswigger.net/burp/.
- Download/Install Jython 2.7+ and configure Burp with the location. See https://portswigger.net/burp/documentation/desktop/extensions/installing-extensions
- Clone this repository and then run
git submodule update --initto install dependencies. - Within Burp, navigate to Extender -> Extensions and select "Add".
- Set "Extension Type" to Python and select the
extender.pyfile in the git repository. - Click Next and the extension should load.
- Note: gRPC is supported, but you'll have to enable Burp's HTTP/2 support (under Project Options->HTTP). Also, currently only uncompressed gRPC payloads are supported. If the first byte of the payload is not
0x00, it's compressed and you'll have to modify the en/decoding code to account for that.
其中第2步的文档简要为下:
Installing Jython or JRuby
You need to install Jython or JRuby if you see a Download Jython or Download JRuby button next to the extension in the BApp Store. This enables extensions written in Python or Ruby to interact with Burp's legacy, Java-based Extender API.
To install Jython or JRuby:
- Click the Download Jython or Download JRuby button.
- Download the standalone JAR version of Jython or JRuby.
- In Burp Suite, go to Extensions > Options.
- Under Python Environment or Ruby Environment, click Select file.
- Select the JAR file and click Open.
- Go to Extensions > BApp Store. Notice that the Install button is now available for your extension.
效果如下:
因为protobuf只用数字来表明字段,所以这里用数字表示字段,应该也支持edit其中的字段,我还没尝试,后续需要的时候再测试。(不过似乎不支持自己上传.proto文件来解析)
标签:Jython,protobuf,插件,JRuby,Burp,Download,解析,BurpSuit From: https://www.cnblogs.com/saaspeter/p/17003798.html