A BurpSuite plugin for BBRF

Overview

bbrf-burp-plugin

What's BBRF?

The Bug Bounty Reconnaissance Framework (BBRF) is intended to facilitate the workflows of security researchers across multiple devices.

For more information about BBRF, read the blog post on https://honoki.net/2020/10/08/introducing-bbrf-yet-another-bug-bounty-reconnaissance-framework/

What's the plugin for?

The Burp plugin enables easy integration of your daily testing in Burp Suite with your personal BBRF server.

Features

  • Specify the program name in the BBRF tab in Burp Suite;

  • Verify the installation works by clicking the "Verify" button - if the configuration works, you should see the inscope of your program appear in the text field below.

  • Automatically (passively) scan all HTTP responses for possible subdomains and send them to the BBRF client, which checks them against the program's inscope and outscope and sends the matching domains to your server;

  • Select and right-click a number of domains or urls and use the menu item "Send to BBRF" to store them in your database;

  • Use the "Copy scope" button to fetch the inscope and outscope from BBRF and load it into Burp's target scope.

Troubleshooting

This extension assumes you have the bbrf client installed on your system:

  • pip3 install bbrf

Everything that is sent to BBRF is matched against the defined scope of the program, so ensure you have configured your inscope and outscope according to your preferences and the program rules.

Comments
  • [issue] Can't change program in Burp

    I'm starting to use the plugin, I wanted to change the program selected on it, for some reason it started a random program, but I couldn't change it. The program loads on the GUI on the BBRF tab, but even doing 'Verify', 'Save' and 'Copy' didn't change the program. So, this is what happens:

    • Running the Burp scanner, the plugin does try to add domains and urls to the correct program (the one set on the BBRF tab)
    • While doing Right click + add domain/url it tries to add them to the other program I can't get rid of.

    I'm using Burp Professional v2021.3.3.

    opened by pdelteil 2
  • [issue] Won't load program with spaces in program name

    I'm trying to load a program into Burp. The program name is something like this: word1 word2 (word3) word4)

    I'm unable to load it into Burp using the plugin. I tried without quotes, with single quotes and with double quotes, with no positive results.

    Thanks.

    opened by pdelteil 1
  • Burp target "Exclude from scope" gets entry `$` if no outscope is defined for a program

    If a program does not have a defined outscope in BBRF, the plugin will add the entry $ to the list of excluded hostnames, which matches every host.

    Expected: if no outscope is defined, there should be no entries in the excluded scope in Burp.

    opened by honoki 0
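
The failure mode reported in the issue above, as an added example that is not the plugin's own code: it shows how an empty outscope can turn into the entry `$`, why that entry excludes every host, and a conversion that emits no entry instead. The function names, the wildcard-to-regex translation and the use of regex search semantics for host matching are assumptions made for this illustration.

```python
import re

def host_pattern(entry):
    """Translate one scope entry (e.g. '*.example.com') into an anchored host regex.

    Assumed convention: a leading '*.' means "any subdomain of".
    Returns None for an empty entry so no bare anchor is ever emitted.
    """
    entry = entry.strip().lower()
    if not entry:
        return None
    if entry.startswith("*."):
        return r"^.+\." + re.escape(entry[2:]) + "$"
    return "^" + re.escape(entry) + "$"

def naive_exclude_entries(outscope_text):
    # Constructed illustration of the defect: splitting an empty string still
    # yields one empty entry, and appending the end anchor turns it into "$".
    return [re.escape(e) + "$" for e in outscope_text.split("\n")]

def exclude_entries(outscope_text):
    # Hardened form: blank lines and an empty outscope produce no entries.
    patterns = (host_pattern(e) for e in outscope_text.splitlines())
    return [p for p in patterns if p]

def is_excluded(host, entries):
    # Assumption: an entry excludes a host when the regex is found anywhere in it.
    return any(re.search(p, host) for p in entries)

if __name__ == "__main__":
    empty_outscope = ""  # program with no outscope defined (constructed input)
    sample_outscope = "*.dev.example.com\n\nadmin.example.com\n"  # constructed input

    print(naive_exclude_entries(empty_outscope))   # the single entry "$"
    print(is_excluded("www.example.org", naive_exclude_entries(empty_outscope)))
    print(exclude_entries(empty_outscope))         # no entries at all
    for host in ("api.dev.example.com", "admin.example.com", "www.example.com"):
        print(host, is_excluded(host, exclude_entries(sample_outscope)))
```
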
  • Improve usability, or document the required click on "Save"

    When you install the plugin and check a program's scope, you need to click "Save" before being able to add domains or URLs using the menu. This is not really intuitive...

    IMO, it would be good to either:

    • clearly document that in the README.
    • modify the UI, maybe put the "Save" button next to the "Verify" ? And/or add a statement "you need to click save for the plugin to work properly"
    opened by aroly 0
  • Feature idea: copy proxy settings from BBRF into Burp

    Since proxy support was introduced in BBRF v1.2, it'd be fun to have an extra button "copy proxy settings" that configures Burp proxy settings automatically.

    It would need to distinguish between HTTP and SOCKS proxies and configure them accordingly in Project Settings ("Upstream Proxy Servers" for HTTP/HTTPS proxy, "SOCKS Proxy" otherwise.)

    opened by honoki 0
Releases(v0.2)
Owner
Pieter