Burp Suite Plugin

Tplmap is able to run as a Burp Suite Extension.

Install

Load burp_extension.py with following conditions.

• Burp Suite edition: Professional
• The Python modules required for Tplmap are installed.
  • PyYaml
  • requests
• Extension type: Python

An example of a simple setup procedure:

1. Install Jython by installer

1
2

$ wget 'http://search.maven.org/remotecontent?filepath=org/python/jython-installer/2.7.0/jython-installer-2.7.0.jar' -O jython_installer.jar
$ java -jar jython_installer.jar -s -d /path/to/install/jython -t standard

1. Install additional Python modules

1
2

$ cd /path/to/install/jython
$ ./bin/pip install PyYaml requests

1. Run your Burp Suite
2. Open Jython file chooser dialog [Extender] - [Options] - [Python Environment] - [Location of the Jython standalone JAR file]
3. Choose the file /path/to/install/jython/jython.jar
4. Load burp_extender.py as Python type burp extension

Scanning

Configure scanning option from ‘Tplmap’ tab, and do an active scan.

Limitation

Only the detection feature of Tplmap is available. Exploitation feature is not implemented, use Tplmap CLI.

The --injection-tag option is also not available, because this extension follows Burp’s Insertion Point setting.

If you need the --injection-tag option, you can use Scan manual insertion point extension.

上一篇：CTFer从0到1笔记

下一篇：2020Geek11th新生赛