Wednesday, February 19, 2014

Burp Extender: Target IP Changed during pentest.

It's been so long since the last time i've updated this blog. I regularly shared my thought mostly at @twitter now :), but i realize that for some reason, it's not a good place, especially for a long story with images :|.

Ok, this problem started when i do pen-testing job, and i had to re-scanning some web application, and the web server ip address is already changed, mostly happen because 1st time I scanned using internet ip and then when doing an internal pentest, i'm using internal web address. So, i ask to Dafydd, if these feature exists, but apparently only for target with hostname is supported, see image below, e.g: for domain "".

Fortunately there is an easy solution, with only one simple extension called "trafic redirector", see the details here, we should be able to redirect the traffic. At first i choose the java extension, but after compiling it into .jar and try to load it, i get "strange" java error, so i use the python version, and to use it we only need to modify the address from the "".

from burp import IBurpExtender
from burp import IHttpListener

class BurpExtender(IBurpExtender, IHttpListener):
    HOST_FROM = ""
    HOST_TO = ""

To run the python extensions under burp extender, you need to install jython in your machine, and for Mac users, you can just use brew to get jython installed on your machine.

$brew install jython

and then define your jython path at burp Extender options,

and then load the "Traffic Redirector" extensions

Ok now, we are good to go.

No comments:

Post a Comment