Category Archives: Useful Scripts & Applications

Source Mapper v1.3 released

Almost exactly one year ago SourceMapper v1.2 was released. Today we announce the release of SourceMapper v1.3!

This version sees some bug fixes and some functionality improvements. Specifically SourceMapper now:

  • Raises alerts within Burp Suite when it finds configurations that need investigating and may be minor issues.
  • Can identify embedded Source Maps as well as linked Source Maps.
  • Has improved basic sanity and syntax checking for found Source Maps to help reduce false positives.

The main improvement in this update is that the plugin no longer just injects Source Map headers and, optionally, local content for the browser to use. It can now also be used to raise your awareness of any map files that are present.
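As an added illustration of the linked-versus-embedded distinction and the sanity checking mentioned above (this is not SourceMapper's own code; the function names and the sample script are constructed for this example):

```python
import base64
import json
import re
from urllib.parse import unquote

# Matches "//# sourceMappingURL=..." (JS, also legacy "//@") and "/*# ... */" (CSS)
MAP_COMMENT = re.compile(
    r"(?://|/\*)[#@]\s*sourceMappingURL=(\S+?)\s*(?:\*/)?\s*$", re.M)

def looks_like_source_map(text):
    """Basic sanity check: a JSON object with version 3, mappings and sources."""
    try:
        doc = json.loads(text)
    except ValueError:
        return False
    return (isinstance(doc, dict) and doc.get("version") == 3
            and isinstance(doc.get("mappings"), str)
            and isinstance(doc.get("sources"), list))

def decode_data_uri(uri):
    """Return the text payload of a data: URI, or None if it cannot be decoded."""
    meta, _, payload = uri.partition(",")
    try:
        if meta.endswith(";base64"):
            return base64.b64decode(payload, validate=True).decode("utf-8")
        return unquote(payload)
    except ValueError:  # covers bad base64 and bad UTF-8
        return None

def find_source_maps(headers, body):
    """Return (kind, detail) findings for one response's headers and body."""
    findings = []
    for name, value in headers.items():
        if name.lower() in ("sourcemap", "x-sourcemap"):
            findings.append(("linked-header", value))
    for match in MAP_COMMENT.finditer(body):
        url = match.group(1)
        if not url.startswith("data:"):
            findings.append(("linked-comment", url))
            continue
        text = decode_data_uri(url)
        if text is not None and looks_like_source_map(text):  # drop false positives
            findings.append(("embedded", json.loads(text)["sources"]))
    return findings

# Constructed sample: a script with an embedded (inline, base64) source map
MAP_JSON = json.dumps({"version": 3, "sources": ["src/app.ts"], "names": [], "mappings": "AAAA"})
SAMPLE_JS = ("console.log(1);\n//# sourceMappingURL=data:application/json;base64,"
             + base64.b64encode(MAP_JSON.encode()).decode() + "\n")
```

An embedded finding lists the original source paths the map exposes, which is usually the detail worth recording when reporting it.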

Please see the GitHub repo here!

New Burp Extension: Look Over There

TL;DR: A new Burp Suite plugin called “Look Over There” tells Burp where to look when scanning API endpoints, which would otherwise be like shouting into a void.


I fondly remember the good old days when RESTful web apps meant you could walk through the web application, check it for sanity and then use the Active Scanning techniques within Burp Suite to get a significant amount of coverage completed without much effort.

On far too many recent web application penetration tests I have found myself frustrated that Burp doesn’t understand the application’s JavaScript API calls, what they mean, or where it should look for results. These are the days of the Single Page Application (SPA) and JavaScript-driven API calls, and the frustration grew to the point where I wrote an extension to help.

Look Over There is expected to be available in the BApp store any moment now and you can also find the source code here:

https://github.com/yg-ht/Burp-LookOverThere

The extension checks a number of scoping requirements and, if they all match, injects a Location header and a 302 HTTP status code into the response. This means that Burp will interpret the redirection and make the necessary additional requests. If configured correctly, Burp will request the resource in which the reflected content can be found and analyse it as it ordinarily would, for example in an old-skool RESTful web application.

To use the extension you first need to configure it, and then send the relevant request to the Scanner, or to Intruder for more targeted scanning. Configuration is straightforward: at minimum you need to enable the plugin, specify the trigger URL and specify the target URL. Other qualities of the request can also be specified to narrow down the type of transaction and be as precise as possible. It is important to configure it correctly so that the extension only operates when you want it to, which prevents it from accidentally trampling on any other possible results.

  • The trigger URL is the URL that is being scanned. It triggers the extension to take action; without it, the tool won’t know it is supposed to do something and nothing happens.
  • The target URL is where you want Burp to look. This should be the URL that would return the reflected content. The contents here can be in any format, for example, a full HTML page, or just a JSON blob.
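The rewrite described above, sketched as an added example (not the extension's own code): the `Rule` fields, the exact-match scoping and the sample URLs and response are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Rule:                # hypothetical config mirroring the settings described above
    enabled: bool
    trigger_url: str       # the URL being scanned
    target_url: str        # where the reflected content can be found
    method: str = ""       # optional extra scoping: only act on this HTTP method

def in_scope(rule, method, url):
    """All scoping requirements must match before the response is touched."""
    if not rule.enabled or url != rule.trigger_url:
        return False
    return not rule.method or method.upper() == rule.method.upper()

def rewrite_response(rule, method, url, raw):
    """Return the raw response rewritten as a 302 to target_url, or unchanged."""
    if not in_scope(rule, method, url):
        return raw
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    version = lines[0].split(b" ", 1)[0]              # e.g. b"HTTP/1.1"
    # Drop any Location header already present so there is exactly one
    headers = [h for h in lines[1:] if not h.lower().startswith(b"location:")]
    headers.append(b"Location: " + rule.target_url.encode("ascii"))
    status = version + b" 302 Found"
    return b"\r\n".join([status] + headers) + b"\r\n\r\n" + body

# Constructed sample: an API call whose effect is only visible on another page
RULE = Rule(True, "https://app.example.test/api/profile",
            "https://app.example.test/profile", method="POST")
RAW = (b"HTTP/1.1 201 Created\r\nContent-Type: application/json\r\n"
       b"Content-Length: 11\r\n\r\n" b'{"ok":true}')
```

Requests that miss any scoping condition pass through byte-for-byte, which is what keeps the rewrite from affecting other results.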

A Tool to continually ‘ping’ TCP ports (nmap-ping)

What is TCP and why use it?

TCP stands for Transmission Control Protocol. The purpose of TCP is to enable most data transmissions on the Internet or other computer networks. TCP is very common.

TCP provides connection-based transmission of data. It provides a communication layer between the upper layers of the OSI model, such as the application layer, and the Internet Protocol layer. It guarantees delivery and correct transmission. For example, a data packet “A” and data packet “B” that are sent using TCP/IP will always be correctly assembled at the destination in the correct order.

Any use of the Internet Protocol can have unpredictable behaviour: data can be lost, duplicated, or delivered out of order. TCP can detect these kinds of issues. It can reorganise out-of-order data and request re-transmission of lost data.

Why would I need to perform a TCP Ping?

A port is a number used to uniquely identify a transaction over a network by specifying both the host and the service. Ports are necessary to differentiate between many different IP services, such as web service (HTTP), mail service (SMTP), and file transfer (FTP).

I occasionally find it useful to see whether the connection between myself and a target machine is stable when the sys-admin has also blocked ICMP at their firewall.

The script

In order to monitor the uptime using just TCP ports I wrote this little script:

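#!/bin/bash
# Continually "ping" a TCP port using nmap (useful when ICMP is blocked).
if [ "$1" == "" ] || [ "$2" == "" ]; then
    echo "Usage: $(basename "$0") {URL|IP} {TCP PORT} [DEBUG=false|true]"
else
    INDEX=0
    # Resolve the target once, taking the address from ping's "PING host (addr)" banner
    RESOLVED=$(ping -q -c 1 -t 1 "$1" | grep PING | awk '{print $3}' | sed "s/[()]//g")
    echo "NMAP PING $1 ($RESOLVED)"
    while true; do
        INDEX=$((INDEX+1))
        if [ "$3" == "true" ]; then
            # Debug mode: keep the full nmap output
            RESULT=$(nmap -P0 -T5 -p"$2" "$RESOLVED" --unprivileged)
        else
            # Extract the figure from nmap's "Host is up (0.0012s latency)." line
            RESULT=$(nmap -P0 -T5 -p"$2" "$RESOLVED" --unprivileged | grep "Host is up" | awk '{print $4}' | sed 's/[^0-9\.]//g')
        fi
        # nmap reports latency in seconds, so label the value accordingly
        echo "Resp: $RESOLVED:$2/tcp Seq=$INDEX at $RESULT s"
        sleep 1
    done
fi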

This script can also be found in our GitHub repository here.

It is based on other people’s work (like the nmap project) and suggestions are welcome…
