Saturday, September 26, 2009

BToD Permanently modifying your Burp Suite payload strings.


Last week I showed you a couple of Oracle payloads you could load up into the intruder preset payload list Here. I'm sure at least one person thought to themselves, instead of loading the list from a file and keeping track of various files can't we just add this to our fuzzing list permanently? The answer is yes and we will walk thru it together.

The first thing we need to do is unzip our burpsuite jar file.I'm using 7zip which you can obtain here.



We now have a newly created folder containing the files that make up burpsuite.



Open the newly created folder and navigate to \burp\PayloadStrings\ and open the file you would like to edit. In our case, this file is 'fuzzing - full.pay'. I am using SciTe to edit the file but you can also use something like notepad++.




So go ahead and make your changes, I've added the Oracle payloads as mentioned before.



Save the file and exit. Zip the the contents of the folder as a JAR file like so:



Okay, well I moved this jar file back into the "C:\burpsuite_v1.2_pro\" directory and deleted the "C:\burpsuite_v1.2pro\burpsuite_pro_v1.2.16\" folder.

Now lets start it up and check to see if it worked.



Yep, it worked alright. Okay, so if you have any questions feel free to ask.

Happy Hacking!

~cktricky
cktricky

2 comments:

Anonymous said...

thanks you for your tut.can you share your payloads,plz?

Anonymous said...

The blog link is not accessible. :(