forked from bytebutcher/burp-send-to
-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathBappDescription.html
65 lines (35 loc) · 3.48 KB
/
BappDescription.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
<p>Adds a customizable "Send to..."-context-menu to your BurpSuite.</p>
<p><b>Configuration</b></p>
<p>After loading the extension the "Send to"-Tab contains all necessary options to configure the "Send to"-context-menu. </p>
<p>New context-menu-entries can be added using the "Add"-button. Each entry consists of following fields:</p>
<ul>
<li><strong>Name:</strong> the name of the context-menu-entry</li>
<li><strong>Command:</strong> the command to be executed. You can use following placeholders:
<ul>
<li><strong>%H:</strong> will be replaced with the host</li>
<li><strong>%P:</strong> will be replaced with the port</li>
<li><strong>%T:</strong> will be replaced with the protocol</li>
<li><strong>%U:</strong> will be replaced with the url</li>
<li><strong>%A:</strong> will be replaced with the url path</li>
<li><strong>%Q:</strong> will be replaced with the url query</li>
<li><strong>%C:</strong> will be replaced with the cookies</li>
<li><strong>%M:</strong> will be replaced with the HTTP-method</li>
<li><strong>%S:</strong> will be replaced with the selected text</li>
<li><strong>%F:</strong> will be replaced with the path to a temporary file containing the selected text</li>
<li><strong>%R:</strong> will be replaced with the path to a temporary file containing the content of the focused request/response</li>
<li><strong>%E:</strong> will be replaced with the path to a temporary file containing the header of the focused request/response</li>
<li><strong>%B:</strong> will be replaced with the path to a temporary file containing the body of the focused request/response</li>
</ul>
</li>
<li><strong>Run in terminal:</strong> defines whether a terminal-window should appear in which the configured command is executed. By default "xterm" is used as terminal-emulator. You can change the terminal-emulator in the "Miscellaneous Options" to your liking.</li>
<li><strong>Show preview:</strong> gives you the chance to preview and change the command before executing it</li>
<li><strong>Output should replace selection:</strong> will replace the selection with the output of the to be executed command</li>
</ul>
<p>After creating new context-menu-entries using the "Add"-button they can be edited or deleted again using the "Edit"- and "Remove"-button. In addition the order in which they appear in the context-menu can be altered using the "Up"- and "Down"-button.</p>
<p><b>Context-Menu</b></p>
<p>The "Send to..." context-menu contains all entries which were added in the "Send to"-Tab.
In addition you can add new entries via the "Custom command..."-context-menu-entry.</p>
<p><b>Save and load options</b></p>
<p>Usually the options of the "Send to"-Tab are saved automatically. However, if you switch computers you may save and load your current options. This can be done by clicking on the gear-symbol in the upper-left corner of the "Send to"-Tab and select the appropriate context-menu-entry.</p>
<p><b>Security Notes</b></p>
<p>Executing commands based on untrusted input always introduces the risk of command injection. This is especially true when using the <strong>%S</strong> placeholder. Thus it is recommended to always activate the <strong>Show preview</strong> option when using the <strong>%S</strong> placeholder and closely analyse commands in the preview window prior to execution.</p>