stickyburp

<div align="center"> <img src="public/images/stickyburp.png" width="200" height="200" align="center" style="margin-right: 12px"/>

Sticky Burp, Reusable and Replacable Environment Variables .. Use native burp notes, no more notes.txt! 🤙

Report Bug • Request Feature

Note StickyBurp is now available via the bAPP store! 🥳

<br> <br> </div>

StickyBurp is a Burp Suite extension that allows you to create and manage "stickies" (aka Global per-project Environment Variables) from highlighted/selected text across different Burp Suite tabs (think of this extension as the same functionality you get in an API testing and development tool to store variables with raw values that can be used across different views).

This functionality gives you the power to easily store variables in a table and then replace existing payload contents with these variables (ie, in the Repeater or Intruder tab). Common example use-cases for storing and replacing are:

• Exploit Server URL / Collaborator URL
• Authentication tokens/cookies (ie similar to manually testing autorize)
• UUIDs, user accounts, emails/PII etc.
• Dynamically created content from an application's response
  • IE SECRET_TOKEN values (see lab Lab: Exploiting PHP deserialization with a pre-built gadget chain)

Simply highlight the payload content, right-click and either add, update or replace: (skip to the demo usage)

stickyburp simple use-cases!

---

ToC

• stickyburp
• ToC
  • Features
  • Demo
  • Screenshots
    • Proxy Tab Usage
    • Repeater Tab Usage
    • Stickies Tab Colorized Default
    • Stickies Tab Colorized Custom
    • Stickies Tab Sorting Functionality
  • Building
    • Prerequisites
    • Build Steps (from source)
  • Installation / Loading the extension
    • bAPP Store (easiest)
    • From Source
  • Usage
  • Contributing and Supporting
    • Star History
  • Development

Features

• Sticky Management

  • Create and store stickies (AKA global environment variables) from any selected text in Burp Suite request/response panes
  • Stickies store name, value, source information and your own notes
  • Replace the values in Repeater tab with the raw value of the previously saved sticky
  • Copy stickies values to clipboard with right-click
  • Stickies can be colored for easier visibility and are by default colored
  • Stickies are persisted across projects even when burp is quit and reopened

• Context Menu Integration

  • Right-click selected text to create new stickies
  • Quick access to update existing stickies
  • Source tracking shows which HTTP request the stickies came from
  • Works in Burp tools for both HTTP Requests and Responses (Proxy, Repeater, Target (Site Map) etc.)

• Dedicated UI Tab

  • Table view of all stored stickies
  • Shows stickies name, value, source and your notes

• Hotkeys/Shortcuts (No more clicks!)

  • Automatically switch to the StickyBurp tab using "CMD"("Control" for Windows users)+"Shift"+"S"
  • Invoke the keys "CMD"("Control" for Windows users)+"Shift"+"A" to add a new Sticky

Demo

stickyburp in the ginandjuiceshop! https://x.com/BApp_Store/status/1907776363974590626

stickyburp in action!

stickyburp hotkeys demo

Screenshots

Proxy Tab Usage

Selecting and storing stickies from the Proxy tab

Repeater Tab Usage

Using stored stickies in Repeater requests

Quick stickies replacement in action

Stickies Tab Colorized Default

Default Stickies Coloring

Stickies Tab Colorized Custom

Custom Stickies Coloring

Stickies Tab Sorting Functionality

stickyburp tabs sorted

---

Building

Prerequisites

• JDK 21 or lower
• Gradle (included via wrapper)

Build Steps (from source)

1. Clone the repository:

git clone https://github.com/yourusername/stickyburp.git
cd stickyburp

2. Build the extension:

./gradlew shadowJar

The compiled extension JAR will be available at:

build/libs/stickyburp-all.jar

---

Installation / Loading the extension

bAPP Store (easiest)

• bAPP Store Entry -> https://portswigger.net/bappstore/a1d3ab3c46834b60b8c95ecdb481d8c7
• PortSwigger Fork -> https://github.com/portswigger/sticky-burp

<br>

From Source

1. Open Burp Suite
2. Go to Extensions tab
3. Click "Add" button
4. Select "Extension type" as Java
5. Click "Select file" and choose build/libs/stickyburp-all.jar
6. Click "Next" to load the extension

---

Usage

1. Creating Stickies:

   • Select any text in Burp Suite (Proxy, Repeater, etc.)
   • Right-click and choose "Add to stickyburp"
   • Enter a name for your variable
   • The variable will appear in the stickyburp tab

2. Using Stickies:

   • Go to the stickyburp tab to view all stored stickies
   • Click on a variable to copy its value
   • Use copied values in any Burp Suite tool (Repeater, Intruder, etc.)
   • Use quick replace to swap values in requests

3. Managing Stickies:

   • View all stickies in the table
   • See the source of each variable
   • Copy values directly from the table
   • Add new stickies manually if needed

---

Contributing and Supporting

1. Fork the repository
2. Create your feature branch (git checkout -b feature/amazing-feature)
3. Commit your changes (git commit -m 'Add some amazing feature')
4. Push to the branch (git push origin feature/amazing-feature)
5. Open a Pull Request

<br>

Star History

---

Development

Core Functionality:

• StickyVariable.kt: Data class representing variables with name, value, and source
• StickyBurpTab.kt: Main UI component managing the variable table and operations
• StickyBurpContextMenu.kt: Context menu integration for variable operations
• StickyBurpHttpHandler.kt: HTTP request/response handler for variable replacement
• StickyBurpExtension.kt: Main extension entry point and initialization

Want to contribute? Check out our feature request template for ideas or to propose new functionality!

The project uses Gradle with Kotlin for building and testing.