Making Burp Suite module
From OWASP Live CD 2008
Contents |
Get the Binary for Burp Suite
Go to the PortSwigger website and navigate to the download page. On the Downloads page, you'll see a links to .zip and .tar.gz version of Burp Suite. Grab either as Linux plays well with both formats. I grabbed burpsuite_v1.1.tar.gz which was the latest at the time of this writing.
Go ahead and extract the download into the working/temp directory:
$ cp /home/mtesauro/owasp-live-cd/tools-in-SoC-release/burpsuite_v1.1.tar.gz temp/ $ cd temp/ $ tar -xzvf burpsuite_v1.1.tar.gz $ cd ../
Create the needed directories in fakeroot
Eventually, we'll use dir2lzm to make the module, so lets get the directories created that we need:
$ mkdir -p ./fakeroot/opt/owasp/ $ mkdir -p ./fakeroot/usr/bin $ mkdir -p ./fakeroot/usr/share/aplications $ mkdir -p ./fakeroot/usr/share/pixmaps
Create and put the module's files into the fakeroot directory
Since we are getting a pre-compiled binary, lets get the application file where it needs to go.
mv temp/burpsuite_v1.1 fakeroot/opt/owasp/
Next, well need a script to start Burp Suite in fakeroot/usr/bin. This one is very easy:
$ vi fakeroot/usr/bin/burpsuite [create script] $ cat fakeroot/usr/bin/burpsuite #!/bin/sh cd /opt/owasp/burpsuite_v1.1 java -jar burpsuite_v1.1.jar
Creating Burp Suite's menu file is rather simple. Use a text editor and create the file burpsuite.desktop
$ vi fakeroot/usr/share/applications/burpsuite.desktop [create the file] $ cat fakeroot/usr/share/applications/burpsuite.desktop [Desktop Entry] Encoding=UTF-8 Exec=burpsuite Icon=/usr/share/pixmaps/burpsuite-icon.png Type=Application Categories=Application;Network; Name=Local Proxy Name[cs]=Local Proxy GenericName=Burp Suite GenericName[cs]=Burp Suite MimeType=text/html X-KDE-StartupNotify=true
The icon was a bit interesting. I didn't get one with the download. I cheated and grabbed a screenshot from the the PortSwigger site. I then used Gimp to cut out the little face in the top left of the title bar of the application. I saved that as a 48x48 .png file called burpsuite-icon.png in the working/temp directory. I then moved that into fakeroot.
cp ./temp/burpsuite-icon.png ./fakeroot/usr/share/pixmaps/
Burp requires Java. I've already created a Java module. I document how I did that in Making the Java module.
Everything is in place to create the modules, a quick final check:
find fakeroot fakeroot/ fakeroot/opt fakeroot/opt/owasp fakeroot/opt/owasp/burpsuite_v1.1 fakeroot/opt/owasp/burpsuite_v1.1/IBurpExtender.html ...
Generate the .lzm module
This is the easy part.
$ ./dir2lzm ./fakeroot burpsuite-1.1.lzm
Add the modules to the ISO build directory
Also cake
$ cp -i burpsuite-1.1.lzm ../contents/slax/base/ $ chmod 775 ../contents/slax/base/burpsuite-1.1.lzm
Test the new module
I like scp'ing the new modules into a running Live CD and using the Module Manager to Add modules to a running system. I typically have the Live CD running in a VM while I create modules so its already up and ready.
You can also gen a new ISO and run it in a VM of your choice.
$ cd ../contents/slax/ $ ./make_iso.sh /home/mtesauro/isos/new-owasp.iso
If anything doesn't work as expected, make the changes needed to ./fakeroot and try again.
Clean up and archive
Once you've got a working module, lets clean up a bit.
$ $ mkdir ./completed_modules/burpsuite $ mv burpsuite-1.1.lzm ./completed_modules/burpsuite/ $ mv temp/burpsuite_v1.1.tar.gz ./completed_modules/burpsuite/ $ mv temp/burpsuite-icon.png ./completed_modules/burpsuite/ $ rm -rf ./temp/*
I usually delete anything under ./fakeroot also.
$ rm -rf ./fakeroot/*
