Welcome to the next generation of web application penetration testing - using WebKit to own the web. BurpKit is a BurpSuite plugin which helps in assessing complex web apps that render the contents of their pages dynamically. It also provides a bi-directional JavaScript bridge API which allows users to create quick one-off BurpSuite plugin prototypes which can interact directly with the DOM and Burp's extender API.
BurpKit has the following system requirements:
- Oracle JDK >=8u50 and <9 (Download)
- At least 4GB of RAM
Installing BurpKit is simple:
- Download the latest prebuilt release from the GitHub releases page.
- Open BurpSuite and navigate to the
Extendertab. - Under
Burp Extensionsclick theAddbutton. - In the
Load Burp Extensiondialog, make sure thatExtension Typeis set toJavaand click theSelect file ...button underExtension Details. - Select the
BurpKit-<version>.jarfile and clickNextwhen done.
If all goes well, you will see three additional top-level tabs appear in BurpSuite:
BurpKitty: a courtesy browser for navigating the web within BurpSuite.BurpScript IDE: a lightweight integrated development environment for writing JavaScript-based BurpSuite plugins and other things.Jython: an integrated python interpreter console and lightweight script text editor.
BurpScript enables users to write desktop-based JavaScript applications as well as BurpSuite extensions using the JavaScript scripting language. This is achieved by injecting two new objects by default into the DOM on page load:
burpKit: provides numerous features including file system I/O support and easy JS library injection.burpCallbacks: the JavaScript equivalent of theIBurpExtenderCallbacksinterface inJavawith a few slight modifications.
Take a look at the examples folder for more information.
A readable version of the docs can be found at here