Skip to content
/ stickyburp Public

A Burp Suite extension written in Kotlin that enables persistent sticky session handling in web application testing. Built with the Montoya API and modern Kotlin tooling.

License

AGPL-3.0 license
4 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

GangGreenTemperTatum/stickyburp

BranchesTags

Repository files navigation

stickyburp

("Sticky Burp, Reusable and Replacable Environment Variables").. No more notes.txt! 🤙

A Burp Suite extension written in Kotlin that allows you to create and manage "stickies" (aka Environment Variables) from selected text across different Burp Suite panels. Think of this extension as the same functionality you get in an API testing and development tool to store variables with raw values that can be used across different views.




GitHub release (latest by date) GitHub stars GitHub license BApp Store

Report BugRequest Feature

Note BApp Store submission is currently in progress. Once approved, the extension will be available directly through Burp Suite's BApp Store.

Features

  • Sticky Management

    • Create and store stickies from any selected text in Burp Suite
    • Stickies store name, value, and source information
    • Replace the values in Repeater tab with the raw value of the previously saved sticky
    • Update existing stickies with new values and add your own notes
    • Copy stickies values to clipboard with right-click
    • Stickies can be colored for easier visibility and are by default colored
    • Stickies are persisted across projects even when burp is quit and reopened
    • Sort and order your stickies using the row sorting functionality

  • Context Menu Integration

    • Right-click selected text to create new stickies
    • Quick access to update existing stickies
    • Source tracking shows which HTTP request the stickies came from
    • Works in Burp tools for both HTTP Requests and Responses (Proxy, Repeater, Target (Site Map) etc.)

  • Dedicated UI Tab

    • Table view of all stored stickies
    • Shows stickies name, value, and source
    • Manual add/update functionality
    • Right-click menu for copying values
    • Visual feedback for all operations

  • Data Persistence

    • Stickies maintained throughout Burp Suite session and in project after quitting Burp
    • Easy to update and manage values
    • Protection against duplicate stickies names
    • Validation to prevent empty values

  • Hotkeys/Shortcuts (No more clicks!)

    • Automatically switch to the StickyBurp tab using "CMD"("Control" for Windows users)+"Shift"+"S"
    • Invoke the keys "CMD"("Control" for Windows users)+"Shift"+"A" to add a new Sticky

Demo

stickyburp v1.0.0 in action stickyburp in action!

stickyburp hotkeys demo stickyburp hotkeys demo

Screenshots

Proxy Tab Usage

stickyburp in Proxy Selecting and storing stickies from the Proxy tab

Repeater Tab Usage

stickyburp in Repeater Using stored stickies in Repeater requests

stickyburp Variable Replacement Quick stickies replacement in action

Stickies Tab Colorized Default

stickyburp table default coloring Default Stickies Coloring

Stickies Tab Colorized Custom

stickyburp coloring Custom Stickies Coloring

Stickies Tab Sorting Functionality

stickyburp tabs sorted stickyburp tabs sorted

Building

Prerequisites

  • JDK 21 or lower
  • Gradle (included via wrapper)

Build Steps (from source)

  1. Clone the repository:
git clone https://github.com/yourusername/stickyburp.git
cd stickyburp
  1. Build the extension:
./gradlew shadowJar

The compiled extension JAR will be available at:

build/libs/stickyburp-all.jar

Installation / Loading the extension

  1. Open Burp Suite
  2. Go to Extensions tab
  3. Click "Add" button
  4. Select "Extension type" as Java
  5. Click "Select file" and choose build/libs/stickyburp-all.jar
  6. Click "Next" to load the extension

Usage

  1. Creating Stickies:

    • Select any text in Burp Suite (Proxy, Repeater, etc.)
    • Right-click and choose "Add to stickyburp"
    • Enter a name for your variable
    • The variable will appear in the stickyburp tab

  2. Using Stickies:

    • Go to the stickyburp tab to view all stored stickies
    • Click on a variable to copy its value
    • Use copied values in any Burp Suite tool (Repeater, Intruder, etc.)
    • Use quick replace to swap values in requests

  3. Managing Stickies:

    • View all stickies in the table
    • See the source of each variable
    • Copy values directly from the table
    • Add new stickies manually if needed

Contributing and Supporting

  1. Fork the repository
  2. Create your feature branch (git checkout -b feature/amazing-feature)
  3. Commit your changes (git commit -m 'Add some amazing feature')
  4. Push to the branch (git push origin feature/amazing-feature)
  5. Open a Pull Request

GitHub stars

Star History

Star History Chart

Development

Core Functionality:

  • StickyVariable.kt: Data class representing variables with name, value, and source
  • StickyBurpTab.kt: Main UI component managing the variable table and operations
  • StickyBurpContextMenu.kt: Context menu integration for variable operations
  • StickyBurpHttpHandler.kt: HTTP request/response handler for variable replacement
  • StickyBurpExtension.kt: Main extension entry point and initialization

Want to contribute? Check out our feature request template for ideas or to propose new functionality!

The project uses Gradle with Kotlin for building and testing.

About

A Burp Suite extension written in Kotlin that enables persistent sticky session handling in web application testing. Built with the Montoya API and modern Kotlin tooling.

Topics

hacking hacking-tool burpsuite websecurity web-security-research burpsuite-extension api-hacking hacking-apis

Resources

Readme

License

AGPL-3.0 license
Activity

Stars

4 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 4

v1.0.3 Latest
Dec 30, 2024
+ 3 releases

Contributors 2

Languages