First commit

Author: floyd-fuh

BappDescription.html

@@ -0,0 +1,28 @@
+<h2>5# Scan Controller</h2>
+Author: Tobias "floyd" Ospelt, @floyd_ch, http://www.floyd.ch<br>
+Pentagrid AG, 5#, https://www.pentagrid.ch
+<h3>Improve Automated and Semi-Automated Active Scanning</h3>
+Active Scanning might often do things that don't make any sense, such as scanning GET requests to .js files or scanning non-repeatable request.
+This extension allows to filter and preprocess according to your needs. It tries to check if a request is repeatable or not. If a request is not repeatable, it tries to make them repeatable by injecting Hackvertor tags. The extension doesn't try to be perfect, but useful. It cuts corners and in some cases simply doesn't scan certain requests. However, the extension individually displays and explains all decisions, allowing you to change the settings if you don't like the behavior. It's a better "Actively scan all in-scope traffic through Proxy".
+<h3>Features</h3>
+<ul>
+<li>Everything configurable (interesting/uninteresting, blacklisting requests, etc.)</li>
+<li>Check repeatability of requests and try to make them repeatable</li>
+</ul>
+<h3>Howto use this extension</h3>
+Usage is very simple:
+<ul>
+<li>Add the website you test to the scope</li>
+<li>Enable "Proxy requests" in the tab/section "Scan - Options - Requests to process"</li>
+<li>Browse the web application (proxy) by using the Burp builtin browser.</li>
+<li>Check back on the $tabName tab and see which request have been active scanned. Check those<br>
+that have a high "Interesting" rating but haven't been scanned ("Scanned" column set to false)</li>
+<li>See the Dashboard for Active Scan findings</li>
+<li>It's always good to sort by the reason column in the UI and check the different reasons.</li>
+</ul>
+<h3>Performance discussion</h3>
+Improves performance by not sending everything to active scan. 
+<h3>Ideas for future improvements</h3>
+<ul>
+<li>Let me know if you think of any improvements: tobias at pentagrid dot ch.</li>
+</ul>

BappManifest.bmf

@@ -0,0 +1,13 @@
+Uuid: 
+ExtensionType: 1
+Name: 5# Scan Controller
+RepoName: PentagridScanController
+ScreenVersion: 0.1
+SerialVersion: 1
+MinPlatformVersion: 0
+ProOnly: True
+Author: Tobias "floyd" Ospelt, Pentagrid AG
+ShortDescription: Improve automated and semi-automated active scanning
+EntryPoint: build/libs/PentagridScanController-0.1.jar
+BuildCommand: ./gradlew jar
+SupportedProducts: Pro

META-INF/MANIFEST.MF

@@ -0,0 +1,2 @@
+Manifest-Version: 1.0
+Main-Class: burp.BurpExtender

README.md

@@ -0,0 +1,30 @@
+# PentagridScanController
+Improve automated and semi-automated active scanning for BurpSuite<br>
+
+Author: Tobias "floyd" Ospelt, @floyd_ch, http://www.floyd.ch<br>
+
+Pentagrid AG, 5#, https://www.pentagrid.ch
+
+# Compiling
+
+`gradle clean build jar`
+
+# Improve Automated and Semi-Automated Active Scanning
+Active Scanning might often do things that don't make any sense, such as scanning GET requests to .js files or scanning non-repeatable request. This extension allows to filter and preprocess according to your needs. It tries to check if a request is repeatable or not. If a request is not repeatable, it tries to make them repeatable by injecting Hackvertor tags. The extension doesn't try to be perfect, but useful. It cuts corners and in some cases simply doesn't scan certain requests. However, the extension individually displays and explains all decisions, allowing you to change the settings if you don't like the behavior. It's a better "Actively scan all in-scope traffic through Proxy".
+
+# Howto use this extension
+Usage is very simple:
+* Add the website you test to the scope
+* Enable "Proxy requests" in the tab/section "Scan - Options - Requests to process"
+* Browse the web application (proxy) by using the Burp builtin browser.
+* Check back on the $tabName tab and see which request have been active scanned. Check those that have a high "Interesting" rating but haven't been scanned ("Scanned" column set to false)
+* See the Dashboard for Active Scan findings
+* It's always good to sort by the reason column in the UI and check the different reasons.
+
+# Performance discussion
+Improves performance by not sending everything to active scan. 
+
+# Ideas for future improvements
+
+* Let me know if you think of any other improvements on the issues tab
+

build.gradle.kts

@@ -0,0 +1,45 @@
+import org.jetbrains.kotlin.gradle.tasks.KotlinCompile
+
+plugins {
+    java
+    kotlin("jvm") version "1.5.31"
+    kotlin("plugin.serialization") version "1.5.31"
+}
+
+group = "me.user"
+version = "0.1"
+
+//Klaxon needs at least version 11
+java.sourceCompatibility = JavaVersion.VERSION_11
+java.targetCompatibility = JavaVersion.VERSION_11
+
+repositories {
+    mavenCentral()
+}
+
+
+dependencies {
+    // https://mvnrepository.com/artifact/net.portswigger.burp.extender/burp-extender-api
+    //implementation("net.portswigger.burp.extender:burp-extender-api:2.3")
+    implementation(kotlin("stdlib", org.jetbrains.kotlin.config.KotlinCompilerVersion.VERSION))
+    implementation("org.jetbrains.kotlinx:kotlinx-serialization-runtime:0.20.0")
+    implementation("org.jetbrains.kotlinx:kotlinx-serialization-json:1.3.2")
+    implementation("com.beust:klaxon:5.6")
+}
+
+tasks.withType<KotlinCompile> {
+    //Klaxon needs at least version 11
+    kotlinOptions.jvmTarget = "11"
+}
+
+tasks.withType<Jar> {
+    duplicatesStrategy = DuplicatesStrategy.EXCLUDE
+    manifest {
+        attributes["Main-Class"] = "ch.pentagrid.burpexts.pentagridscancontroller.BurpExtender"
+    }
+    from(sourceSets.main.get().output)
+    dependsOn(configurations.runtimeClasspath)
+    from({
+        configurations.runtimeClasspath.get().filter { it.name.endsWith("jar") }.map { zipTree(it) }
+    })
+}

gradle.properties

@@ -0,0 +1 @@
+kotlin.code.style=official

releases/PentagridScanController-0.1.jar

@@ -0,0 +1 @@
+rootProject.name = "PentagridScanController"