Coder Social home page Coder Social logo

summitt / nope-proxy Goto Github PK

View Code? Open in Web Editor NEW
1.5K 59.0 236.0 1.25 MB

TCP/UDP Non-HTTP Proxy Extension (NoPE) for Burp Suite.

Java 100.00%
appsec appsecurity burp-extensions burp-plugin burpsuite burpsuite-extender hacking mitmproxy pentesting protobuf

nope-proxy's People

Contributors

jfish7 avatar jnchi avatar summitt avatar

Stargazers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

Watchers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

nope-proxy's Issues

What java version does it support?

I run Burp on:

# cat /etc/issue
Kali GNU/Linux 2.0 \n \l

# uname -a
Linux burpbox 4.0.0-kali1-686-pae #1 SMP Debian 4.0.4-1+kali2 (2015-06-03) i686 GNU/Linux

# java -version
java version "1.7.0_79"
OpenJDK Runtime Environment (IcedTea 2.5.6) (7u79-2.5.6-1~deb8u1)
OpenJDK Server VM (build 24.79-b02, mixed mode)

And get this when loading extension:

java.lang.UnsupportedClassVersionError: burp/BurpExtender : Unsupported major.minor version 52.0
    at java.lang.ClassLoader.defineClass1(Native Method)
    at java.lang.ClassLoader.defineClass(ClassLoader.java:800)
    at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
    at java.net.URLClassLoader.defineClass(URLClassLoader.java:449)
    at java.net.URLClassLoader.access$100(URLClassLoader.java:71)
    at java.net.URLClassLoader$1.run(URLClassLoader.java:361)
    at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
    at java.lang.Class.forName0(Native Method)
    at java.lang.Class.forName(Class.java:274)
    at burp.mdh.a(Unknown Source)
    at burp.mdh.<init>(Unknown Source)
    at burp.w6f.a(Unknown Source)
    at burp.n1d.run(Unknown Source)
    at java.lang.Thread.run(Thread.java:745)

What versions of java are supported?

Spoof ONLY DNS entries listed in the hosts file

If I understand it right, the "Use the above 'DNS Response IP' ..." checkbox makes all DNS responses return the IP address listed in the "DNS Response Ip" field, except for those for which there is a record in the "Custom Hosts file".

Is there instead a way of making NoPE return real DNS entries except for those domains listed in the hosts file?

So if my hosts file contains

15.15.15.15  a.a.a.a
16.16.16.16  b.b.b.b

I'd like NoPE to return 15.15.15.15 for a.a.a.a (and similarly for b.b.b.b), but for all other domains, I'd like it to return the actual IP by calling an actual resolver.

Could not run extention in burp.

How do I run this extension in burp ? I tried adding on adding burpextender.java in burp extender tab but I get following error:

java.lang.ClassNotFoundException: burp.BurpExtender
at java.net.URLClassLoader$1.run(URLClassLoader.java:366)
at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:274)
at burp.poe.a(Unknown Source)
at burp.poe.(Unknown Source)
at burp.prg.a(Unknown Source)
at burp.hdc.run(Unknown Source)
at java.lang.Thread.run(Thread.java:745)

Error Can't select the Proxy Settings

java.lang.ClassCastException: java.lang.String cannot be cast to java.lang.Integer
at josh.ui.NonHttpUI$11.tableChanged(NonHttpUI.java:606)
at javax.swing.table.AbstractTableModel.fireTableChanged(AbstractTableModel.java:296)
at javax.swing.table.AbstractTableModel.fireTableCellUpdated(AbstractTableModel.java:275)
at javax.swing.table.DefaultTableModel.setValueAt(DefaultTableModel.java:666)
at javax.swing.JTable.setValueAt(JTable.java:2741)
at javax.swing.JTable.editingStopped(JTable.java:4723)
at javax.swing.AbstractCellEditor.fireEditingStopped(AbstractCellEditor.java:141)
at javax.swing.DefaultCellEditor$EditorDelegate.stopCellEditing(DefaultCellEditor.java:368)
at javax.swing.DefaultCellEditor.stopCellEditing(Def

DNS server does not start on OSX Catalina

Hello,

I am running Burp Suite as root on OSX Catalina. After starting the server on port 53, I could not get any data in the DNS history. After checking the currently used ports, I saw that there is not any app listening on this port. I tried changing the port to something else (like 5353) but still no app listening. I tried to run the Burp's proxy on this port, and it could listen on this port without problem, so I am pretty sure Burp does have every privileges needed.

I am pretty new to using Burp suite, but I can add more information if you tell me what you need.

Thanks.

port monitor isnt working

hi sir
i configured dns and get dns history but port monitor isnt working
and interception isnt working

Python output issue

right now the python output, compile issues, and debug messages are not showing up in the right scroll bar beside the python mangler. currently troubleshooting to find root cause.

Plugin not working keeps getting nullpointers

java.lang.NullPointerException
at josh.utils.Lister$1.gotPacket(Lister.java:70)
at org.pcap4j.core.PcapHandle$GotPacketFuncExecutor.lambda$got_packet$0(PcapHandle.java:1254)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630)
at java.base/java.lang.Thread.run(Thread.java:832)

The above is the stack trace I dont know what to do is there like a specific pcap version or configuration i need to have?

Am running windows 10

Could not compile it

Hello,

the code is not compiling successful on maven / kali OS by default.
I think the pom.xml is missing json simple and jython depedency.

Also if you want to add the extension to Burp, it needs to be in jar format right ? the Burpextender class has no void public main function. What am I missing here to compile it ?

Thanks

Nope intercepts HTTPS (DNS) request but the proxy doesn't

Hi,
I'm sorry for my english.
Through the DNS interceptor I can see a request for the domain X but when I look through the proxy I can't find it.
Also when I use burp without Nope proxy the app works but when I enable Nope it doesn't.
I really appreciate any kind of help.

P.S. I use frida to bypass the ssl pinning.

App Freeze on Install | macOS 10.15.7 (19H2) Darwin 19.6.0 | BIND Port 53

RESOLVED - On MAC OSX macOS 10.15.7 (19H2) Darwin 19.6.0 when using BIND 9.16.7 (Stable Release) on Port 53; the NOPE Application will freeze during install when BIND is already listing on Port 53.

FIX : kill -9 bind before install of NOPE

Suggestion would be to allow for soft install/load of NOPE and then pop a config note to use alternate port...

Looks awesome btw!!

Add a 'Donate' Button ๐Ÿ‘

SOCKS Support

First off, this is an amazing extension. One feature that would be useful is if it supported the SOCKS Proxy option in Burp. I currently have a SOCKS Proxy set up, but monitoring my traffic shows that the NoPE Proxy is sending traffic directly from my host to the server without using the SOCKS Proxy.

Thanks again for this.

Port monitoring not working

Hi,
Thanks for the great tool first of all..
The port monitoring feature does not work, can you support it?

10x

Support for Ruby

Hi
Thanks for making this extraordinary extension available.
Would please add a support for ruby mangler and traffic manipulation?

Thank!

No Support for Java 9 -

The current version of NoPE (commit d9c7d51 ) does not appear to support oracle JDK / JRE 9 (tested 9.0.4). The extension loads in burp 1.7.32 but the NoPE tab does not display in the UI and no errors are displayed.

After lots of trial and error / troubleshooting I isolated the issue to the use of Java 9 (9.0.4). The issue does not occur when the current Java 8 (8u162) JRE is used

Flagged as in issue to hopefully save others the time that I sunk into this today :)

Compilation error

I am not an expert with software development so I did some research on the Internet and identified that this requires Maven to build the package. however, when using Maven to compile the package, i am getting the following errors:

ailed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.3:compile (default-compile) on project NonHTTPProxy: Compilation failure [ERROR] /home/rameez/Downloads/Burp-Non-HTTP-Extension-master/NonHTTPProxy/src/josh/utils/Lister.java:[64,46] <anonymous josh.utils.Lister$1> is not abstract and does not override abstract method gotPacket(org.pcap4j.core.PcapPacket) in org.pcap4j.core.PacketListener [ERROR] [ERROR] -> [Help 1] [ERROR] [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch. [ERROR] Re-run Maven using the -X switch to enable full debug logging. [ERROR] [ERROR] For more information about the errors and possible solutions, please read the following articles: [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException

Can somebody help me here?

Non-HTTP Proxy settings do not persist

I am not sure if this is a bug or missing functionality, but the Non-HTTP Proxy settings do not persist when Burp is closed and re-opened.

Java JRE:
openjdk version "1.8.0_91"
OpenJDK Runtime Environment (build 1.8.0_91-8u91-b14-3ubuntu1~16.04.1-b14)
OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode)

Burp 1.7.05

Not working? What am i doing wrong?

I'm trying to get this work on my android device by following this tutorial.
i follow every step on it, but i dont see any content on "DNS History" tab.
Im currently using burpsuite 1.7.32 with jre1.8.0_162
any clue?

SSL Handshake error.

Some part of my mobile app runs on a slight different protocol ( not ideal HTTPS ) though it uses port 443, I tried your tool I got the domain to which it is making connection but am getting SSL connection error , installed the .p12 certificate as well which was suggested. Are any special changes to be made to my mobile device. Please let me know it will be great help.

Issue with self signed certs for c2s communication?

Could be an issue with my setup but I'm not sure here.

java.util.ConcurrentModificationException
        at java.util.HashMap$HashIterator.nextNode(HashMap.java:1437)
        at java.util.HashMap$KeyIterator.next(HashMap.java:1461)
        at josh.nonHttp.GenericMiTMServer.Closed(GenericMiTMServer.java:434)
        at josh.nonHttp.SendData.SendClosedEventTrigger(SendData.java:81)
        at josh.nonHttp.SendData.run(SendData.java:317)
        at java.lang.Thread.run(Thread.java:745)
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

No activity on DNS History, two diff OS's

Hi. I'm using a jailbroken iOS 9.0.5 ios device for pentesting and set the dns to the ip of the interface where I was hosting burp. I tried this on a MacBook and a Win 10 machine.

On both I say no DNS history stream. I am using Version 1.5, downloaded Nov 13th. By Burp on OSX is 1.7.27 and on Win10 is 1.7.26

The custom-app I was looking at just says there was a timeout, but not further explanation without getting into some low level debugging that I was reluctant to dive into. The app loads normal http content, apparently just not the non-http communication. But in all cases, not DNS History information is populated.

Work around that got things working:

  • installed and run latest wireshark, not sure if that contributed to issue. However, using that I saw that device was looking for port 53, not default 5353 and changing to port 53, started seeing activity per specifications.
  • And I also had disabled all Symantec services on my Windows 10 related to firewalling and things it was doing to 'help me' but likely was hurting me.

port monitor doesn't work on mac

mac:10.15
burp:burp suite community edition 2020.12.1
java:openjdk 11.0.9.1
I have already installed libpcap through brew install libpcap. And I can receive the dns history on the left window, but there is nothing on the right window(port monitor).Just like that:

anyone has the same situation? please help me,thanks~

am i right for ssl ?

Hi,Josh summitt, when i use Burp-Non-HTTP-Extension as the wiki
Basic Set Up for mobile testing. (testing on two machines) ,everything works fine but for ssl .
and i have already installed burpCA in my iphone ,and trust it . when i use iphone view http ,it work,but don not work for https .Looking forward to your reply.

No stream in proxy tab

Hi,
Below are my configurations that I've configured after installing extenstion to my burpsuit

Local DNS = 127.0.0.1
Current IP address = number of adapter that connects between application and server
server address : REMOTE_SERVER_IP ,
server port = SERVER_LISTENING_PORT
listen port = RANDOM_PORT
Checked "DNS Response IP " on
Clicked plus Sign and play button.

unfortunately, nothing happened other than seeing dns traffic in DNS tab.
I can't intercept TCP stream or even see the traffic in proxy history.

My burp suit version : 1.7.19
My operating system : windows 10
My java version : 1.8.0_121
My application is written with C#, i've even tried another java app but not working too.

Can you help me please.

Thanks

Non-HTTP Proxy Listeners

It seems that the extension has issues with enabling more than 2 listeners to the to the non-proxy options under server config. I can add numerous non-http proxy listeners, but i can only enable 2 (rarely 3).

If i click on the enable checkbox, nothing happens. It does select the row, but the checkbox does not become enabled.

error while adding to burp

when i try to add it to burp i get the following error:

java.lang.OutOfMemoryError: Java heap space
at java.util.Arrays.copyOf(Arrays.java:2271)
at java.io.ByteArrayOutputStream.grow(ByteArrayOutputStream.java:113)
at java.io.ByteArrayOutputStream.ensureCapacity(ByteArrayOutputStream.java:93)
at java.io.ByteArrayOutputStream.write(ByteArrayOutputStream.java:140)
at burp.iud.a(Unknown Source)
at burp.mlf.(Unknown Source)
at burp.bld.a(Unknown Source)
at burp.u1b.run(Unknown Source)
at java.lang.Thread.run(Thread.java:722)

i tried to start burp with following option but i get the same error:
java -XX:MaxPermSize=1G -jar burp.jar

Unable to enable or remove Non-HTTP proxies on occassion

The list of Non-HTTP proxies sometimes does not allow me to remove or enable proxies. A restart is required so that they can be added again.

Java JRE:
openjdk version "1.8.0_91"
OpenJDK Runtime Environment (build 1.8.0_91-8u91-b14-3ubuntu1~16.04.1-b14)
OpenJDK 64-Bit Server VM (build 25.91-b14, mixed mode)

Burp 1.7.05

Not really an issue

Would you please be able to provide a bit more guidance on how to set this up in burp? I tried installing the java file in the burp folder through burp extender, but that fails

DNS what?

I'd like to ask if im dumb.. or if it's an issue :D
I cannot get this working properly. In the first case i tried to forward the DNS requests to my router, but that doesen't seems to be working. Every time i try to open a page with configuration as follows:
/-------------------------------------------------------------------------------------/
NoPE proxy DNS Response IP: IP of my machine;
NoPE proxy interface selected: en0;
NoPE proxy port:53;

OS DNS server: IP of my machine -> this does not work because my machine is not a dns server ;
and some usual OS HTTP & HTTPS to Burp (8080)
/-------------------------------------------------------------------------------------/
So im asking if it is possible to somehow get this working.. In best scenario even without messing with the dns entirely...
If not, am i supposed to create some sort of DNS service on my machine? Or forward the DNS queries to the router and then interpret them back?
When i open some page, theres the Burp Suite error message: Not reachable (or something);
Trying to intercept traffic from just one machine, not any other.
MacOS - Big Sur

Looks like a really handy tool but cannot get this to work normally :(
Thanks<3

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.