Setting up the Ruby environment for Burp Extensions

  1. Download a stable version of JRuby from JRuby Downloads

  2. Select the jar for Linux (JRuby x.x.x Complete .jar) or Executable for Windows.

  3. Import the environment from Burp Suite >> Extender >> Options >> Ruby Environment.

Import the Burp Suite Extender Core API IBurpExtender

alert.rb
require 'java'
java_import 'burp.IBurpExtender'
class BurpExtender
include IBurpExtender
def registerExtenderCallbacks(callbacks)
callbacks.setExtensionName("Rubyfu Alert!")
callbacks.issueAlert("Alert: Ruby goes evil!")
end
end

Load the plugin alert.rb

Check Alerts tab

Burp Suite Extension in Ruby template initiative

As Rubyfu project keeps groing, we've decided to develope our vesion of make a solid place for Ruby in the information security community. We've deceided to build a repository that makes building a Burp Suite extension in Ruby is very easy and understandable. Repository link

Buby

Buby is a mashup of JRuby with the popular commercial web security testing tool Burp Suite from PortSwigger. Burp is driven from and tied to JRuby with a Java extension using the BurpExtender API. This extension aims to add Ruby scriptability to Burp Suite with an interface comparable to the Burp's pure Java extension interface.

Resources

  • Burp Suite Extender API Documentations [ link ]

  • Step by step Ruby-based Burp Extension for JSON Encryption/Decryption [ Part 1 | Part 2 ]

  • Buby [ website | rdoc ]

  • Extensions written in Ruby [ WhatThWAF ]

  • Burp suite Scripting with Buby [ Link ]