govtech-csg / autowasp
BurpSuite Extension: A one-stop pen testing checklist and logger tool
License: MIT License
Hi - Thank you for developing Autowasp. Would it be possible to add a search box in your extension? It would act like the search box in Burp's extensions store. That way I could filter test cases by type, say only display those related to Configuration or only those related to Authorization, etc.
Hi folks! First off, awesome job with this extension, it solves a gap in the pentester's flow and it's really well documented.
I have a couple of suggestions, which I'd love to be added. The first is adding a "Done" column, equal to the "To Exclude". Basically this would allow us to keep track of what tests have been done and complement the excluded tests very nicely.
The second one would be adding a host column. I assume this is much more tricky and probably not for everyone. But personally, when testing a target I have multiple targets/hosts. As such, for me to cover everything I need to distinguish the tests done in one host from another. With that host tab, I could make sure that all the tests were done and covered in all of the scope. I'm not sure of the best way to implement this - e.g. duplicating the checklist items for every host in scope to test, or being able to duplicate only some items, or simply making the host column a text input where we could manually write the targets we tested.
Very crude mockup:
Thanks and keep up the good work!
Hi there,
Add a feature like adding my own checklist, and import/export of my checklist.
Hello,
I faced an issue while installing the extension. The error is:
java.lang.NullPointerException: Cannot invoke "burp.IBurpCollaboratorClientContext.generatePayload(boolean)" because "this.extender.iBurpCollaboratorClientContext" is null
at autowasp.logger.TrafficLogic.<init>(TrafficLogic.java:69)
at autowasp.Autowasp.registerExtenderCallbacks(Autowasp.java:98)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:64)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:564)
at burp.amj.lambda$registerExtenderCallbacks$0(Unknown Source)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630)
at java.base/java.lang.Thread.run(Thread.java:832)
How can I fix it? I've tried to install the extension through the BApp Store, compiling and adding the compiled file, and adding the pre-compiled file.
Perceived Issue: Autowasp is unable to be loaded without Collaborator
Burp Version: Professional v2021.3.1
Error message:
java.lang.IllegalStateException: Burp Collaborator is disabled in the Project options
at burp.b8i.a(Unknown Source)
at burp.b8i.generatePayload(Unknown Source)
at burp.aq8.generatePayload(Unknown Source)
at autowasp.logger.TrafficLogic.<init>(TrafficLogic.java:69)
at autowasp.Autowasp.registerExtenderCallbacks(Autowasp.java:98)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:64)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:564)
at burp.bza.lambda$registerExtenderCallbacks$0(Unknown Source)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630)
at java.base/java.lang.Thread.run(Thread.java:832)
Needing Collaborator for some features is known via Dev response
Desired/Expected State: Able to load and use Autowasp without Collaborator
Hi,
Firstly, awesome project, but is there a way that you also include a column for the ignored and completed test cases in the XLSX export?
Thank you
Hi,
I found that the plugin generates unwanted/superfluous network traffic. With the plugin enabled Burp sends additional (sometimes invalid) packets to the target when submitting HTTP POST requests. The extra packets are not logged by Burp but can be confirmed with packet capture.
Requirements:
Reproduce:
Cheers.
First-off, when installing the extension via BAPP, the extension can't reach the checklist online. Thus, using the local checklist is not good because it is from 2021, while the latest one is from 2 months ago: https://github.com/OWASP/wstg/blob/master/checklists/checklist.xlsx
Hi,
I am able to save the project (or at least some file can be automatically generated - autowasp_project.ser), but the project cannot be loaded then. There is no error message in the Burp UI nor in the console.
Tried installation via Extender and downloading Autowasp_v1.0.1.jar manually - the same result.
I use Burp 2021.8.4 Pro.
Thanks
Michal