Rewrite using new Burp Extension API (montoya)

ozzi- / JWT4B

JWT Support for Burp

GNU General Public License v3.0

240 stars 46 forks source link

Rewrite using new Burp Extension API (montoya) #87

Closed ozzi- closed 2 months ago

ozzi- commented 8 months ago

https://portswigger.net/burp/documentation/desktop/extensions/creating

bcyrill commented 3 months ago

I rewrote the extension using the new Montoya API 😄 https://github.com/bcyrill/JWT4B/tree/montoya

While the majority of changes are conversions of the old to new API calls, the biggest changes logic-wise are within the tokenposition classes.

Regarding the tests, I adapted them as well, but since the Burp specific classes are not available when running tests, had to mock / reimplement quite a bit of Burp internal logic.

In addition, I converted the build system from Maven to Gradle.

ozzi- commented 3 months ago

Holy moly, let me have a look as soon as I find some time. Cool stuff

ozzi- commented 2 months ago

https://github.com/ozzi-/JWT4B/pull/88 merged into feature branch upstream, will be doing some testing

ozzi- commented 2 months ago

There is some small stuff such as removal of custom headers that I will have to reimplement, not all apps use "Authorization Bearer". Also there is a weird bug of JWTs being appended n times when switching between raw and jwt4b in the intercept tab. Otherwise looking good

ozzi- commented 2 months ago

@bcyrill FYI - thanks. Did some tweaks, testing looks good. Will be creating upstream PR to portswigger soon.