Commentator and MessageViewers Plugins not Working for Burp Professional v2020.2.1

silentsignal / burp-piper

Piper Burp Suite Extender plugin

https://blog.silentsignal.eu/2020/03/27/unix-style-approach-to-web-application-testing/

GNU General Public License v3.0

113 stars 12 forks source link

Commentator and MessageViewers Plugins not Working for Burp Professional v2020.2.1 #14

Closed JohnPeng47 closed 4 years ago

JohnPeng47 commented 4 years ago

Thought that this tool was pretty interesting, but was not able to get the Commentator and MessageViewer plugins working for the latest professional Burp build. When I select a group of Proxy History items and tried to comment them with the SHA-256 commentator plugin, nothing appeared in the comments section and no debug/error messages were logged in the Extender. Similar results with the hd MessageViewer plugin, where no output is displayed.

Wondering if this is because Burp made some API changes during their upgrade to v2.0, and Piper has not yet implemented those changes in source?

v-p-b commented 4 years ago

Which version of the plugin you are using? (One from GH releases, built from source, BApp Store..)
Are the corresponding cmdline tools (hd,sha256sum)available in your PATH?

I just tested this with the latest Burp (2020.4, also used for a while with prev versions) and the plugin from the BApp Store and it works as expected.

dnet commented 4 years ago

Piper was developed way after v2.0 and I actually never even tried using it with anything prior to v2.0. What OS are you using? Also, try enabling developer mode (check the only checkbox on the Developer tab of the Piper UI) and then click on the Message Viewer tabs, execute Commentators that doesn't seem to work. If there's a problem while executing the commands, Piper will log this in developer mode to the window in Extender > Extensions > (select Piper in the list) > Errors tab

JohnPeng47 commented 4 years ago

Ahh looks like its my bad, didn't have the tools in my PATH. Is there a way to configure Piper to look for the binaries without setting system environment? Working on a laptop right now which I don't have local admin access to.

dnet commented 4 years ago

Thanks for the feedback, it's probably a good idea to display a helpful error message in the message editor for such cases, anyway. :)

v-p-b commented 4 years ago

I think all modern OS's allow you to set the PATH as a normal user for your current session:

Linux: export PATH=$PATH:/path/to/binaries/
Windows: https://superuser.com/a/25038/686884

Also, I believe when you edit the command (Piper tab / double click on entry / Command Edit...) you can specify full paths for the binaries.

dnet commented 4 years ago

you can specify full paths for the binaries

Just to confirm: yes you can, I usually do that for project-specific one-off impromptu scripts