5GC API parse is a BurpSuite extension allowing to assess 5G core network functions, by parsing the OpenAPI 3.0 not supported by previous OpenAPI extension in Burp, and generating requests for intrusion tests purposes.
- Download Jython 2.7.x Installer Jar from https://www.jython.org/download
- Install Jython by default:
java -jar jython-installer-2.7.2.jar
- Download PyYAML from https://github.com/yaml/pyyaml
- Install PyYAML:
./jython PyYAML-5.4.1/setup.py install
- Open Burp on Extender / Options
- In Python Environment, set the location of the Jython JAR to the installed one
- Set Extension file to
<installation_folder>/5GC_API_parse.py
- Click
Next
- The addon is now installed, a new tab named
5GC API parse
should appear
Just provide a target address with URL scheme, a port number and a OpenAPI 3.0 file you want to process and voilà:
You are ready to use it in the repeater, intruder to fuzz, etc.
Quick demo:
5GCAPIParser_edit.mp4
- 1.2 (07/20/2021): Core reorganization + adding Swagger browsing for associated YAML files and a clear-all button
- 1.1 (07/20/2021): Fixing errors in headers and adapting default values to actual 5G core
- 1.0 (05/20/2021): Initial release