16/02/2012

Compiling and Running Burp Extensions

Pre-requisite: You need to have JDK and Burp installed on your system.
Create a working directory called “burp_extension” and create the source file “BurpExtender.java” in the same directory. Here, in this example, the source file would contain both the above classes.

Create a directory called “burp” inside the directory “burp_extension” and copy into it the interface source code files provided by Burp (IBurpExtenderCallbacks, IMenuItemHandler, etc.). Your extension will look for these files in that path.

Also, make sure your “BurpExtender.java” file has this line to import the burp package:
import burp.*;

Now, compile the BurpExtender.java file using javac and create a jar file out of both the class files generated by compilation.

D:\burp_extension>"C:\Program Files\Java\jdk1.6.0_29\bin\javac.exe" BurpExtender.java
D:\burp_extension>"C:\Program Files\Java\jdk1.6.0_29\bin\jar.exe" -cf burpextender.jar BurpExtender.class extendedMenuItem.class


Now, burpextender.jar has been generated in your working directory. Copy the burpsuite jar file into the same working directory and run it using this command:-

D:\burp_extension>java -Xmx512m -classpath burpextender.jar;burpsuite_pro_v1.4.04.jar burp.StartBurp

11/01/2012

Injecting Shellcodes into processes....

Some time ago, many security-focused sites and mailing lists were abuzz with the release of a new tool called ShellCodeExec, which can execute alphanumerically encoded shellcode (as commonly generated with the Metasploit Framework). The link to the tool can be found here.

Can be compiled and works on POSIX (Linux/Unices) and Windows systems.

Can be compiled and works on 32-bit and 64-bit architectures.

Works in DEP/NX-enabled environments: it allocates the memory page where it stores the shellcode as +rwx - Readable Writable and eXecutable.

It supports alphanumeric encoded payloads: you can pipe your binary-encoded shellcode (generated for instance with Metasploit's msfpayload) to Metasploit's msfencode to encode it with the alpha_mixed encoder.

Set the BufferRegister variable to the EAX register, where the address in memory of the shellcode will be stored, to avoid the get_pc() binary stub being prepended to the shellcode.

Spawns a new thread where the shellcode is executed inside a structured exception handler (SEH), so that if you wrap shellcodeexec into your own executable, the whole process does not crash in case of unexpected behaviour.
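Seen from the defender's side, the +rwx page mentioned above is a useful signal on Linux, because a mapping that is both writable and executable shows up in /proc/<pid>/maps. The following is an added example, not code from this post or from the tool's authors; the function name find_wx_regions and the sample maps text are constructed for illustration.

```python
import re
import sys

# One line of /proc/<pid>/maps: range, perms, offset, device, inode, optional path.
MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[r-][w-][x-][ps])\s+"
    r"(?P<offset>[0-9a-f]+)\s+(?P<dev>\S+)\s+(?P<inode>\d+)\s*(?P<path>.*)$"
)

def find_wx_regions(maps_text):
    """Return every mapping that is writable and executable at the same time."""
    hits = []
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue  # blank or malformed line
        perms = m.group("perms")
        if "w" in perms and "x" in perms:
            start, end = int(m.group("start"), 16), int(m.group("end"), 16)
            path = m.group("path")
            hits.append({
                "start": start,
                "size": end - start,
                "perms": perms,
                "path": path or "[anonymous]",
                # inode 0 and no file path: no on-disk image backs this region
                "anonymous": m.group("inode") == "0" and not path.startswith("/"),
            })
    return hits

# Constructed sample in the /proc/<pid>/maps layout (not captured from a real process).
SAMPLE_MAPS = """\
00400000-0040b000 r-xp 00000000 08:01 1311234 /usr/bin/cat
0060a000-0060b000 rw-p 0000a000 08:01 1311234 /usr/bin/cat
7f3c1a000000-7f3c1a021000 rw-p 00000000 00:00 0
7f3c1c2f0000-7f3c1c2f1000 rwxp 00000000 00:00 0
7f3c1c400000-7f3c1c5c0000 r-xp 00000000 08:01 1315555 /lib/libc-2.13.so
7ffd5a1e0000-7ffd5a201000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    # With a PID argument, read that process's maps; otherwise use the sample.
    text = open(f"/proc/{sys.argv[1]}/maps").read() if len(sys.argv) > 1 else SAMPLE_MAPS
    for r in find_wx_regions(text):
        print(f"{r['start']:#x} size={r['size']:#x} {r['perms']} {r['path']}")
```

JIT-compiling runtimes also create writable and executable mappings, so a hit is a lead to investigate rather than a verdict.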

After a search about that tool I also found out about another tool called Syringe that seemed to work smoother, with more options! The link to the tool can be found here. Reading further on a cool blog found here, I found out about the Syringe options and how to use them.

Have a look:

C:\Documents and Settings\User\Desktop>syringe.exe
Syringe v1.2
A General Purpose DLL & Code Injection Utility

Usage:

Inject DLL:
syringe.exe -1 [ dll ] [ pid ]

Inject Shellcode:
syringe.exe -2 [ shellcode ] [ pid ]

Execute Shellcode:
syringe.exe -3 [ shellcode ]

And after extensive research on the internet I found an interesting link about downloading shellcodes with interesting features, which you can find here. Have fun.
