search

nccgroup / blackboxprotobuf

Blackbox Protobuf is a set of tools for working with encoded Protocol Buffers (protobuf) without the matching protobuf definition.
MIT License
516 stars 86 forks source link

use Protobuf inside intruder #7

Closed Chriz42 closed 3 years ago

Chriz42 commented 3 years ago

Hey, nice plugin for intercepting a request, change some values or use inside the repeater.

I was looking for a tool that helps me tu fuzz protobuf entpoints. Would it be possible to add the protobuf encoding to the intruder logic? Or is this allready possible?

best regards Chris

rwinkelmaier-ncc commented 3 years ago

Hi Chris,

You want to be able to use Intruder to modify a value in a decoded request and then encode the whole request before sending correct? Similar to how it could be done manually in Repeater?

I'll have to take a closer look later, but this will probably be limited by the Burp APIs. A quick look at the docs, it looks like there is only an option to have an extension generate the entire payload (would have to generate the whole protobuf message with a complicated configuration) or add a custom encoder for the payload, but I think that applies over just the highlighted payload and not the entire request.

Something like Turbo Intruder may be more flexible with how requests are processed.

Chriz42 commented 3 years ago

Hey, yes "You want to be able to use Intruder to modify a value in a decoded request and then encode the whole request before sending correct? Similar to how it could be done manually in Repeater?" This is the plan.

Thanks that you take a look inside the APis. I guess I will just use a different intruder as you mentioned.