metasploit-framework/external/burp-proxy
et 34c0b3a2fa Added Burp Proxy v1.x support for Wmap by Spinbad
git-svn-id: file:///home/svn/framework3/trunk@6132 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-12 02:57:19 +00:00
..
readme.txt Added Burp Proxy v1.x support for Wmap by Spinbad 2009-01-12 02:57:19 +00:00
wmap_plugin_v0.1-burp_v1.1.jar Added Burp Proxy v1.x support for Wmap by Spinbad 2009-01-12 02:57:19 +00:00
wmap_plugin_v0.1-burp_v1.2.jar Added Burp Proxy v1.x support for Wmap by Spinbad 2009-01-12 02:57:19 +00:00

readme.txt

This file contains invisible Unicode characters!

This file contains invisible Unicode characters that may be processed differently from what appears below. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to reveal hidden characters.

=[Burp proxy WMAP Plugin				                     spinbad.security@googlemail.com 
------------------------------------------------------------------------------------------------------------


=[ Intro.
	
Simple plugin for the burp proxy 1.1/1.2 which stores the requests
in the metasploit/wmap database. At the moment only
sqlite3 is supported, I will add support for other databases
in later releases...


=[ Howto install/run.

1. Download burp proxy 1.2: http://portswigger.net/suite/burpsuite_v1.2.zip
2. Download SQLiteJDBC Jar: http://www.zentus.com/sqlitejdbc/
3. Copy sqlitejdbc-v054.jar and wmapplugin.jar into the burp proxy directory 
4. Run the following command:

   java -cp sqlitejdbc-v054.jar;burpsuite_v1.2.jar;wmap_plugin_v0.1-burp_v1.2.jar burp.StartBurp database=test.db   

   test.db is the name/path of your metasploit sqlite3 database file. You must create the db schema
   in the metasploit framework first (by using "db_create")   
	

=[ Questions/Answers


1. Can I use the burp spider to fill my WMAP request table?

   Sorry, no you can't. The reason is that the spider doesn't call implementations of the IBurpExtender
   interface. So you can only use the MITM Proxy. 


2. I found a bug, what can I do?
  
   You can send a description to spinbad.security@googlemail.com. I will try to fix it.

3. Is there a way to extend the stuff you wrote?
   Shure, I included the source code in the jar file. Feel free to use it.      

=[ EOF.