Go to file

Sebastien Dudek b882a90eaf Fixing removed tabs bug		2021-07-20 21:20:05 +02:00
images	Updating screenshots	2021-07-20 21:11:18 +02:00
utils	Reorganizing the code + Swagger browsing and clear-all buttons added	2021-07-20 21:08:40 +02:00
5GC_API_parse.py	Fixing removed tabs bug	2021-07-20 21:20:05 +02:00
LICENSE	Initial commit	2021-07-18 11:17:02 +02:00
README.md	Updating README	2021-07-20 12:58:34 +02:00
__init__.py	Reorganizing the code + Swagger browsing and clear-all buttons added	2021-07-20 21:08:40 +02:00

README.md

5GC_API_parse

Description

5GC API parse is a BurpSuite extension allowing to assess 5G core network network function, by parsing the OpenAPI 3.0 not supported by previous OpenAPI extension in Burp, and generating requests for intrusion tests purposes.

Installation

Jython installation (required)

Download Jython 2.7.x Installer Jar from https://www.jython.org/download
Install Jython by default:

java -jar jython-installer-2.7.2.jar

Download PyYAML from https://github.com/yaml/pyyaml
Install PyYAML:

./jython PyYAML-5.4.1/setup.py install

Open Burp on Extender / Options
In Python Environment, set the location of the Jython JAR to the installed one

5GC API parse

git clone 'https://github.com/PentHertz/5GC_API_parse.git' <installation_folder>
Open Burp on Extender/ Extensions
Click Add
Set Extension type as Python
Set Extension file to <installation_folder>/5GC_API_parse.py
Click Next
The addon is now installed, a new tab named 5GC API parse should appear

Usage

Just provide a target address with URL scheme, a port number and a OpenAPI 3.0 file you want to process and voilà:

You are ready to use it in the repeater, intruder to fuzz, etc.

Change log

1.1 (07/20/2021): Fixing errors in headers and adapting default values to actual 5G core
1.0 (05/20/2021): Initial release