- Notifications
You must be signed in to change notification settings - Fork7
Burp Suite extension for Radamsa-powered fuzzing with Intruder
License
nscuro/bradamsa-ng
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
A Burp Suite extension for Radamsa-powered fuzzing with Intruder
bradamsa-ng is aBurp Suite extension that brings the power of the amazingRadamsa fuzzer to Intruder. It is heavilyinfluenced by the originalbradamsa byikkisoftand aims to fix some of its weaknesses while building upon its strengths.
One noteworthy feature ofbradamsa-ng is its support forWSL.
Radamsa is (understandably) not developed with Windows in mind, which means thatthere is no official support for it. There was a solution tobuild Radamsa using Cygwin,but it didn't reliably work for me - and there's simply no guarantee that it'll work forever.
With WSL however, we can compile and run Radamsa in its natural habitat - hell,we can even run it from the Windows host (echo "test" | wsl -d Ubuntu -e radamsa).Withbradamsa-ng, these new possibilities can now be leveraged in Burp.
- Java >= 8 (Burp >= 2.0.14 ships with OpenJDK 11)
- Burp Suite obviously
- Build the extension or download arelease
- Open Burp and navigate to theExtender tab
- ClickAdd
- In the dialog that just opened, select the extension typeJava
- ClickFind File and select your
bradamsa-ng-${version}-jar-with-dependencies.jar - ClickNext - that's it
bradamsa-ng tries to automatically detect aRadamsa binary in your$PATH. If this succeeds, you'llsee a message saying
Radamsa binary was found at /some/path/radamsa
in the extension'sOutput tab.
Likewise, when running on Windows and WSL is available, you'll either see
WSL is available, but no installed distributions have been found
or
WSL is available and the following distributions have been found: [Ubuntu, Kali]
depending on if WSL distributions are installed or not.
- Linux / macOS:
./mvnw clean package - Windows:
mvnw.cmd clean package
The installable extension JAR can now be found attarget/bradamsa-ng-${version}-jar-with-dependencies.jar
- In Intruder'sPayloads tab, select the payload typeExtension-generated:
- Next, choosebradamsa-ng as generator underPayload Options:
- Set the amount of payloads you want to generate in thebradamsa-ng tab underPayload Count
- All payloads will be generated before the first request is sent
- Start the Intruder attack
- Please note that theBattering Ram attack is not supported
Not implemented yet.
bradamsa-ng supports using Radamsa through Windows 10'sWindows Subsystem for Linux.
In order to take advantage of it, you need the following:
- Windows 10 with WSL installed
- Instructions to install WSL can be foundhere
- At least one installed WSL distribution (e.g.Ubuntu)
- Radamsa installed in at least one of the distributions
- Using
sudo make installwill make it easier forbradamsa-ng to find the Radamsa binary
- Using
- The extension will let you know if WSL is available on startup as mentioned inInstallation
- Switch to thebradamsa-ng tab and tick theEnable WSL mode checkbox
- Select the distribution whereRadamsa is installed in
- bradamsa-ng will attempt to automatically find a Radamsa binary in the selected distro's
$PATH- If this fails you can manually enter theabsolute path to the binaryinside the WSL distro
- At this point,bradamsa-ng will simply check if the entered value points to an existing fileor is a command that can be found in the distro's
$PATH
About
Burp Suite extension for Radamsa-powered fuzzing with Intruder