Utilizing the Burp-Suite Pentest Mapper Plugin v1.6.5

Why Pentest Mapper?

Burp Suite’s Pentest Mapper plugin integrates a unique application testing checklist with request logging capabilities of Burp Suite. An easy-to-follow flow is provided by the extension for application penetration testing. The plugin has features that let users map the application’s flow during pen testing to examine the application and its vulnerabilities more thoroughly. Each flow’s API calls can be linked to the name of the function or flow. Users of the plugin can utilize the custom checklist to map or connect each flow or API to a vulnerability.

Note: Please note that Pentest Mapper is designed to map the application’s flow during penetration testing and help identify potential vulnerabilities. It is not an automated vulnerability scanner but rather a tool that aids in the manual testing process by providing a checklist and API mapping features.

Case Study Area

Let’s say we are performing a penetration test on a web application that has multiple modules and APIs. Instead of creating separate Excel sheets to maintain the testing and vulnerability checklists for each module, we can use Pentest Mapper.

First, we can create a customized checklist for the entire project in Pentest Mapper. This checklist can include various testing and vulnerability items that need to be checked during the penetration testing.

Next, we can use Pentest Mapper to map the flow of the application during the pen test. This will allow us to identify all the resources of the application and understand how they interact with each other.

As we perform the penetration testing, we can use Pentest Mapper to check off items on the customized checklist for each module and API. This will help us keep track of our progress and ensure that we have thoroughly tested each resource of the application.

By using Pentest Mapper, we can keep all our testing and vulnerability checklists in one Burp file. This will make it easier for us to manage the entire project and ensure that we have covered all the necessary testing and vulnerability items for the application.

1. Penetration Testing: The primary use of Pentest Mapper Burpsuite Plugin is for penetration testing, where it is used to identify security vulnerabilities in web applications.
2. Security Audits: The tool can also be used for security audits, to determine the overall security of web applications and identify areas for improvement.
3. Compliance Testing: The tool can be used for compliance testing, to ensure that web applications meet industry security standards and regulations.

Features

1. User-friendly interface: Pentest Mapper Burpsuite Plugin has a user-friendly interface that makes it easy for users to navigate and understand the results of their security tests.
2. Checklist: The checklist feature enables you to import your personalized checklist.
3. API Mapper: API Mapper helps you monitor each API request, flow, and test case.
4. Vulnerability: The vulnerability feature allows you to monitor potential security threats and associate them with specific API calls and parameters, as well as categorize their severity.
5. Config: The config option allows you to set the auto-save timer and directory, activate/deactivate auto-save, and enable/disable auto-logging of proxy requests for a specific domain.

Note: For one click import export if you add as it will override the data.

Tool Installation

GitHub Link: https://github.com/portswigger/pentest-mapper

1. Jython is required by Pentest Mapper, so configure Jython first and then the Pentest Mapper plugin.
2. Install Pentest Mapper from the BApp Store.

Tool Uses:

1. Checklist

By using the custom checklist that has been provided, users can link each API call to a vulnerability using the checklist.

Options:

1. Search: This feature allows the user to search for specific checklist items within the logged data. This is particularly useful when analyzing large amounts of data, as it allows the user to quickly locate relevant information.
2. Import Checklist: The import checklist feature enables the user to import a personalized checklist for their security testing. This can include specific tests, vulnerabilities, or other criteria that the users wish to include in their testing.
3. Create Checklist: The create checklist feature allows users to create their own personalized checklist for security testing. This can include specific tests or vulnerabilities that are relevant to their particular application or organization. By creating a customized checklist, the users can ensure that their testing is tailored to their specific needs and priorities.

                                                           Checklist Screen

2. API Mapper

The HTTP request can be logged from the repeater or proxy tab, mapped with the flow, and sorted according to the flow using the API Mapper tab. Moreover, users can add comments or test cases to the tab for each API call entered into the extension. Each API can be mapped with a vulnerability from the checklist using the tab.

Options:

1. Search: The search feature in the API Mapper allows users to instantly search for specific API requests or parameters within the testing scope. This saves time and makes it easier to locate and examine specific parts of the application.
2. Save Project: This enables users to save their API Mapper projects. This is helpful when working on long-term projects or when needing to revisit a previous project.
3. Load Project: This enables users to save their API Mapper projects and load them later. This is helpful when working on long-term projects or when needing to revisit a previous project.
4. Adding test cases to the particular API: Allows for more thorough testing of that specific area of the application. This helps to ensure that vulnerabilities are not missed, and that the application is thoroughly tested for security issues.

                                                                  API Mapper Screen

                                                                  API Mapper Screen

3.Vulnerabilities

Users can link the selected API to the vulnerabilities by using the tab, which also stores the URL and its parameters.

Options:

1. Search: The search feature enables users to search for specific vulnerabilities by keyword or category, making it easier to locate and address specific issues.
2. Export vulnerabilities: This feature allows users to export all vulnerabilities found during the testing process, along with their associated details, in a format that can be easily shared or analyzed.
3. Import vulnerabilities: The import vulnerabilities feature allows users to import previously identified vulnerabilities from external sources or tools, allowing for more comprehensive testing and analysis. This feature also makes it easier to integrate with other testing tools and workflows.

                                                                  Vulnerabilities Screen

                                                                  Vulnerabilities Screen

4.Config

The config tab lets you choose the output location and set the time for auto-saving when a defined time has elapsed. Also, you can choose to automatically open the checklist file and to quickly import and export data. Moreover, you can disable the proxy’s automatic save and log requests for the scope domain setting.

Options:

1. Auto Save Config: This feature allows users to set the auto-save timer and directory for their project, ensuring that no progress is lost if Burp Suite crashes or the user needs to pause testing.
2. Auto Load Checklist: This feature enables users to automate the import of their personalized checklist upon opening the tool, saving time and improving testing efficiency.
3. One Click Import Export: This feature streamlines the process of importing or exporting project data, making it quick and easy to share results with team members or clients.
4. Auto Logging: This feature automatically logs proxy requests for a specific domain, making it easier to track and analyze application activity during testing.
5. Auto Save: This feature automatically saves project data at regular intervals, further reducing the risk of lost progress and ensuring that test results are always up to date.

                                                                  Config Screen

                                                                  Config Screen

Video Demo

Conclusion

In conclusion, Pentest Mapper Burpsuite Plugin is a powerful tool for web application security testing. Its user-friendly interface and integration with other security tools makes it a valuable tool for security professionals, and its customizable features enable users to tailor its functionality to meet their specific needs. Whether you are conducting a penetration test, security audit, or compliance testing, this tool is an asset for ensuring the security of your web applications.

Reference

https://github.com/portswigger/pentest-mapper

Pentest Mapper – PortSwigger

Acknowledgement

• Sourav Kalal (Anof-cyber)

About Payatu

Payatu is a research-powered, CERT-In empaneled cybersecurity consulting company specializing in security assessments of IoT product ecosystem, Web application & Network with a proven track record of securing applications and infrastructure for customers across 20+ countries. Want to check the security posture of your organization? Browse through Payatu’s Service and get started with the most effective cybersecurity assessments.