Piper

Piper integrates external tools and command-line programs into Burp Suite through configurable pipelines. The extension passes HTTP requests and responses to external programs and feeds the execution results back into Burp, enabling Unix-style tool composition without writing Java extensions.

Features

• Add custom message viewers that format HTTP content using external programs (e.g., render Protobuf with protoc)
• Generate and process Intruder payloads with external tools like John the Ripper or custom scripts
• Highlight and comment on proxy items based on output from command-line programs (e.g., hash requests with sha256sum)
• Transform HTTP messages with custom encryption or encoding through external Python scripts
• Invoke external tools from context menus, such as diff utilities for comparing requests
• Configure tool pipelines in any language that accepts stdin input or command-line parameters
• Export and import configurations in YAML format for sharing and reuse

Usage

1. Open the Piper tab and configure a tool by specifying its command line and integration type (message viewer, commentator, highlighter, context menu item, payload generator, payload processor, HTTP listener, or macro)
2. Enable the configuration using the toggle button in the interface
3. Access the integration from the relevant Burp context (e.g., Proxy History for commentators and highlighters, message editor tabs for custom viewers, Intruder for payload tools)
4. View output in the designated location based on tool type: comments appear in Proxy History, message viewers add new editor tabs, and HTTP listeners transform messages in transit
5. Optionally export configurations to YAML files for sharing

Note: Review imported configurations carefully before enabling them.