Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

List Burp Proxy Listeners

Jacob | Last updated: Oct 20, 2015 06:28PM UTC

Greetings, Quick question - how would one obtain a list of every Proxy listener currently configured within Burp using the BurpExtender API? I've tried leveraging the callbacks.getProxyListeners method: https://portswigger.net/burp/extender/api/burp/IBurpExtenderCallbacks.html#getProxyListeners() But as far as I can tell it returns an empty result despite having 127.0.0.1:8080 registered by default. Any help on this matter is greatly appreciated. Thanks in advance!

PortSwigger Agent | Last updated: Oct 21, 2015 08:13AM UTC

The getProxyListeners method returns the IProxyListener objects that your extension has registered - nothing to do with the Proxy's network listeners. You can call the saveConfig method to obtain a map representing Burp's current configuration, and in there will be details of the Proxy network listeners. The preferences format is not currently ideal and we are working on a replacement that will see Burp's settings handled via human-readable config files, which will make what you are trying to do a bit easier.

Burp User | Last updated: Oct 21, 2015 04:02PM UTC

It would probably be more useful to explain the full use case. We're working on expanding the functionality of a Burp extension known as burpbuddy (https://github.com/tomsteele/burpbuddy). To sum up this extension at a high level it provides the means to make REST API calls to TCP port 8001 to kick off various things (an active scan or spider as an example). Our goal is that each time burp opens/loads the burpbuddy extension, the proxy listener and all of the relevant burpbuddy ports listen on ephemeral ports instead of statically defined ports (i.e. 127.0.0.1:8080). Doing so ensures communication collisions are avoided on the same host. In order to faciliate this requirement, we need to use BurpExtender to delete the default Proxy listener and re-add a new proxy listener on a default port. Once this is completed, a watir-webdriver object is invoked and configured w/ the new ephemeral proxy listener to allow the watir-webdriver object (http://watirwebdriver.com/) to browse to a site, authenticate, and then have BurpExtender kick off an active scan (essentially a post-authenticated scan). All of this is working w/ the exception of the default proxy listener being removed and re-added as a listener on an ephemeral port. So I guess the main question is whether there is a way to delete 127.0.0.1:8080 using the Java BurpExtender API _without_ the need to deal with configs? Thanks in advance for your help!

Burp User | Last updated: Oct 21, 2015 06:34PM UTC

Figured out that I didn't need the current proxy listener object to remove it, since we can overwrite the default using the following block of code within BurpExtender: String proxy_config = "proxy.listener0=1.0.1.0..0.1.1.0..0..0."; HashMap<String, String> configMap = new HashMap<String, String>(); StringTokenizer configToker = new StringTokenizer(proxy_config, "="); String name = configToker.nextToken(); String value = configToker.nextToken(); configMap.put(name, value); callbacks.loadConfig(configMap); Thanks Dafydd, you pointed me in the right heading...cheers!

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.