metasploit-framework/external/burp-proxy
..
readme.txt
wmap_plugin_v0.1-burp_v1.1.jar
wmap_plugin_v0.1-burp_v1.2.jar

readme.txt

This file contains invisible Unicode characters!

This file contains invisible Unicode characters that may be processed differently from what appears below. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to reveal hidden characters.

=[Burp proxy WMAP Plugin				                     spinbad.security@googlemail.com 
------------------------------------------------------------------------------------------------------------


=[ Intro.
	
Simple plugin for the burp proxy 1.1/1.2 which stores the requests
in the metasploit/wmap database. At the moment only
sqlite3 is supported, I will add support for other databases
in later releases...


=[ Howto install/run.

1. Download burp proxy 1.2: http://portswigger.net/suite/burpsuite_v1.2.zip
2. Download SQLiteJDBC Jar: http://www.zentus.com/sqlitejdbc/
3. Copy sqlitejdbc-v054.jar and wmapplugin.jar into the burp proxy directory 
4. Run the following command:

   java -cp sqlitejdbc-v054.jar;burpsuite_v1.2.jar;wmap_plugin_v0.1-burp_v1.2.jar burp.StartBurp database=test.db   

   test.db is the name/path of your metasploit sqlite3 database file. You must create the db schema
   in the metasploit framework first (by using "db_create")   
	

=[ Questions/Answers


1. Can I use the burp spider to fill my WMAP request table?

   Sorry, no you can't. The reason is that the spider doesn't call implementations of the IBurpExtender
   interface. So you can only use the MITM Proxy. 


2. I found a bug, what can I do?
  
   You can send a description to spinbad.security@googlemail.com. I will try to fix it.

3. Is there a way to extend the stuff you wrote?
   Shure, I included the source code in the jar file. Feel free to use it.      

=[ EOF.