Burp Integration

The plugin can be found here and a video guide here.

How to get JWT

The first time you run Jaeles, it sets up some config and credentials at ~/.jaeles/config.yaml.

POST /auth/login HTTP/1.1
Content-Type: application/json
User-Agent: Jaeles Scanner
Host: 127.0.0.1:5000
Content-Length: 54
Connection: close

{
    "username": "jaeles",
    "password": "your_password_here"
}

Use those credentials to get your JWT.

You can run the Jaeles server without authentication by using the -A option, but keep in mind that some signatures allow command execution on your machine. Make sure you only bind this server to 127.0.0.1.

How to install Burp plugin

Download the plugin from this URL.

Run Jaeles in server mode with the command jaeles server -v. The first time you run it, it creates default credentials in ~/.jaeles/burp.json. (Delete the ~/.jaeles/ folder and run it again if you have any issues.)

Make sure you have Jython installed in Burp, then load the plugin: Burp -> Extender -> Add jaeles-burp.py as a Python extension.

When the plugin is loaded, it logs in automatically and stores a persistent JWT in ~/.jaeles/burp.json.


Sending requests to Jaeles Server without Burp

You can also send requests directly to the Jaeles server without the Burp plugin. Use the request format below.

POST /api/parse HTTP/1.1
Host: 127.0.0.1:5000
User-Agent: Jaeles Scanner
Authorization: Jaeles <Your_JWT_here>
Content-Type: application/json
Connection: close

{
    "url": "http://target.com/api/foo",
    "req": "<base64_request>",
    "res": "<base64_response>"
}
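
The /api/parse request above can be built from raw traffic as in the following added example, which is not part of the Jaeles project or its Burp plugin. It assumes the header name is Authorization; the function names and the sample request and response are constructed for illustration. It refuses to attach the JWT unless the server URL is a loopback IP literal, matching the advice to keep the server bound to 127.0.0.1.

```python
import base64
import ipaddress
import json
import urllib.request
from urllib.parse import urlsplit

JAELES = "http://127.0.0.1:5000"  # address used in the requests on this page

def is_loopback(server):
    """True only if the server URL points at a loopback IP literal."""
    host = urlsplit(server).hostname or ""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # hostnames are rejected: they may resolve anywhere

def build_parse_request(server, jwt, url, raw_req, raw_res=b""):
    """Build the POST /api/parse request without sending it."""
    if not is_loopback(server):
        raise ValueError("refusing to send JWT to non-loopback server: " + server)
    body = {
        "url": url,
        "req": base64.b64encode(raw_req).decode("ascii"),
        "res": base64.b64encode(raw_res).decode("ascii"),
    }
    return urllib.request.Request(
        server.rstrip("/") + "/api/parse",
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={
            "Authorization": "Jaeles " + jwt,  # assumed header name
            "Content-Type": "application/json",
            "User-Agent": "Jaeles Scanner",
        },
    )

def send(request, timeout=10):
    """Send to a running Jaeles server; returns (status, body text)."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return resp.status, resp.read().decode("utf-8", "replace")

# Constructed sample traffic, not captured from a real target.
SAMPLE_REQ = b"GET /api/foo HTTP/1.1\r\nHost: target.com\r\n\r\n"
SAMPLE_RES = b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\n{}"

if __name__ == "__main__":
    r = build_parse_request(JAELES, "<Your_JWT_here>",
                            "http://target.com/api/foo", SAMPLE_REQ, SAMPLE_RES)
    print(send(r))
```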