Research Academy Daily Swig
My account Customers About Blog Careers Legal Contact

Burp Suite User Forum

Login to post

auto swagger detector

muneer | Last updated: Jun 03, 2020 05:24PM UTC

i am beginner in python and i need to add this function to burp, detecting if swagger is enabled, if yes new issue must be add to issues list, i choose to use ScopeChangeListener to check once the user config the scope in burp"add to Scope", i tried some way to get the current scope but i could not, please check the code down from burp import IBurpExtender from burp import IHttpListener from burp import IProxyListener from burp import IScannerListener from burp import IExtensionStateListener from burp import IScopeChangeListener class BurpExtender(IBurpExtender, IHttpListener, IProxyListener, IScannerListener, IExtensionStateListener): # # implement IBurpExtender # def registerExtenderCallbacks(self, callbacks): # keep a reference to our callbacks object self._callbacks = callbacks # set our extension name callbacks.setExtensionName("Swagger") # register ourselves as an extension state listener callbacks.registerScopeChangeListener(self) # # implement IExtensionStateListener # def scopeChanged(): # here i have to write the code for checking if the Swagger is enabled and in case it is enabled issue should be added issues list # these urls can be use

muneer | Last updated: Jun 03, 2020 05:36PM UTC

here the URLs can be use to detect /swagger-ui.html /swagger/swagger-ui.html /api/swagger-ui.html /v1.x/swagger-ui.html /swagger/index.html

Hannah, PortSwigger Agent | Last updated: Jun 04, 2020 09:09AM UTC

Hi Have you tried registering an HTTP listener or Proxy listener to monitor the traffic going through? You could also register this as a passive scanner check using IScannerCheck.doPassiveScan.

You need to Log in to post a reply. Or register here, for free.