A handy plugin for copying requests/responses directly from Burp, some extra magic included.

Overview

RIO BurpSuite plugin

Request Input Output BurpSuite plugin, a.k.a. RIO: a handy plugin for copying requests/responses directly from Burp, some extra magic included.

Why?

TL;DR

  • It saves time (on both ends: hacker and customer)
  • It speeds up the reporting process (you don't have to format the request manually or copy application-specific headers/cookies each time)

Intro

How many times have you had to copy a request/response from Repeater?
How many times have you had to adjust the output to a specific format? How many times have you been hacking an app with custom headers that had to be included in the report?

If your answer to those questions happens to be 999 or more, then I have a solution that will save you some time.

How?

  1. Define a template
  2. Use this template with a request
  3. Copy the output from the RIO window
  4. Paste it to the PoC section of report
  5. Done.

Few words on response output

  • The plugin was created with Markdown as the intended output format, but you can use whatever output format you want. For example, this template:

<request>
<target>
_target_
</target>
<url>
_url_
</url>
</request>

becomes

<request>
<target>
normandy.cdn.mozilla.net:443 (https)
</target>
<url>
https://normandy.cdn.mozilla.net:443/api/v1/
</url>
</request>

Few words on performance

RIO creates a new window for each Repeater tab that you have, so if you have 100 tabs it will take some time to load the plugin.

Few words on special characters

The plugin uses the BurpSuite MessageEditor to display output, so the output supports the same character set as Burp. This means that special characters from some languages cannot be displayed, e.g. ąść from the Polish alphabet.

Few words on BurpSuite MessageEditor tab

In some cases you may experience the following exception

Cannot invoke "burp.il2.a(burp.ad0)" because "<parameter1>" is null

This issue is known to PortSwigger as I reported it here

TODOs

  • Set a limit on size of the response
  • Implement whitelist for allowed response headers
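
The template substitution shown above, together with the two TODO items, sketched as a stand-alone Python example. This is added here and is not RIO's own code: the `_response_` placeholder, the header allowlist and the body limit are assumptions, and only `_target_` and `_url_` come from the page.

```python
import re
from urllib.parse import urlsplit

# Hypothetical settings for the two TODO items; not values taken from RIO.
ALLOWED_RESPONSE_HEADERS = {"content-type", "location", "server"}
MAX_BODY_BYTES = 64

def request_fields(url):
    """Build the _target_ and _url_ values in the format the page shows."""
    p = urlsplit(url)
    port = p.port or (443 if p.scheme == "https" else 80)
    full = f"{p.scheme}://{p.hostname}:{port}{p.path or '/'}"
    if p.query:
        full += "?" + p.query
    return {"target": f"{p.hostname}:{port} ({p.scheme})", "url": full}

def filter_response(raw, allowed=ALLOWED_RESPONSE_HEADERS, limit=MAX_BODY_BYTES):
    """Keep the status line and allowlisted headers; cap the body size."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status, *headers = head.decode("iso-8859-1").split("\r\n")
    kept = [h for h in headers if h.split(":", 1)[0].strip().lower() in allowed]
    if len(body) > limit:
        body = body[:limit] + b"\n[... truncated %d bytes ...]" % (len(body) - limit)
    return "\r\n".join([status, *kept]) + "\r\n\r\n" + body.decode("iso-8859-1")

def render(template, fields):
    """Single-pass substitution: inserted values are never re-expanded."""
    return re.sub(r"_([a-z]+)_", lambda m: fields.get(m.group(1), m.group(0)), template)

# Constructed sample input; the URL is the one from the page's example.
TEMPLATE = "<request>\n<target>\n_target_\n</target>\n<url>\n_url_\n</url>\n</request>"
SAMPLE_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n"
                   b"Set-Cookie: session=EXAMPLE\r\n\r\n"
                   b'{"k":"_url_"}' + b"A" * 100)

if __name__ == "__main__":
    fields = request_fields("https://normandy.cdn.mozilla.net/api/v1/")
    print(render(TEMPLATE, fields))
    fields["response"] = filter_response(SAMPLE_RESPONSE)  # _response_ is hypothetical
    print(render("_url_\n_response_", fields))
```

Because the substitution is a single pass, placeholder-looking text inside a response body (such as the `_url_` in the sample) is copied into the report verbatim, and the allowlist keeps session cookies out of the pasted PoC.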
Comments
  • Request blanked when switching FROM RIO to Raw

    Hi,

    In the latest version of Burp Suite (2022.5.2 build 14088), from the Repeater, when you switch to RIO, the request/response is formatted, but when you go back to the Raw tab, the request is cleared.

    opened by psyray 2
Owner
Daniel Kalinowski