Feature request: integration with UI #4
Comments
|
Hi, it seems to me based on the GitHub description on the link you provided that it's based on my project, so I'm unsure whether anything needs to be merged. Shouldn't that other project be improved? Maybe ask @JGillam what he thinks? |
|
Yeah, I can't remember why I didn't just fork from @dnet's repo in the first place. I might have been looking for a quick fix at the time, or it could be that the changes with the different paradigms (i.e. recompiling each time) were complicating things. So question for @dnet - assuming we can find a graceful way to put a UI on this project, is that something you would even want to do? Or is having the separate compiled jars a desired feature? I'm a little swamped this week but I'll see what I can do when I free up some time. If this is a feature you would prefer, then I'll submit a pull request once done (assuming it can be done at least somewhat gracefully) and retire the other project. Otherwise, I'll just maintain the other project separately. |
|
I'd also prefer a GUI, I just used the configuration-class as a quick and dirty solution at the time, since I was already under time pressure, as it was needed for a security assessment project. So if you or anyone else submits a PR about this, I'd be really interested in reviewing and merging it! |
|
I am sure you can release it in Burp App store if you address the issues and provide with a good GUI. |
|
@irsdl just by looking at the screenshots on the link you sent (restclient), it seems that much of the functionality is covered by the Repeater tool itself in Burp and the message editor component used in several modules. Could you be more specific about what features should this plugin integrate from the Firefox addon you mentioned? |
|
Sorry for the delay; I have just seen this. I was talking about the header/authentication section of it to be honest. you need to install it to see it properly; it has options for OAuth1 and 2. |
|
Why would you need a plugin for OAuth 2? All the OAuth 2 APIs I've seen so far used bearer tokens, which avoids all the fuckery OAuth 1 signing causes, so Repeater and Scanner should work out of the box once you have a valid token. What am I missing here? |
|
I was just being greedy in having all options at once; the next option would be selecting proper token based on the domain and url. If you think this is useless for sec and dev guys, just ignore this. |
This has already been done here: https://github.com/JGillam/burp-oauther
It would be great to merge them and add additional UI features as necessary to it.
Alternatively, a config.xml (or properties file) can be used to keep the current configuration. So the extension reads it during load time.
The text was updated successfully, but these errors were encountered: