We’re thrilled to announce PacketSprinter, a cutting-edge Burp Suite extension developed by Route Zero Security’s @richeeta with initial testing conducted by @sh4d0w_moon that builds on the foundational research by James Kettle to streamline HTTP/2 single-packet attack testing in a unified, intuitive interface.
What is PacketSprinter?
PacketSprinter leverages the single-packet attack, an advanced technique that synchronizes multiple HTTP/2 requests into a single TCP packet to minimize network jitter. This ensures near-simultaneous processing by the target server, making race condition vulnerabilities easier to uncover and exploit. By integrating seamlessly into Burp Suite, PacketSprinter enhances this technique with intuitive tools and an efficient workflow.
Why PacketSprinter?
Testing for race conditions in Burp Suite often requires manually duplicating requests across multiple Repeater tabs, sending them in parallel, and analyzing the responses. PacketSprinter automates these steps and introduces several enhancements:
- A single interface for duplicating, editing, and sending grouped parallel requests.
- A side-by-side view of all requests and responses within the same UI tab.
- Automatic highlighting of response differences, such as status codes, headers, or body content, to simplify analysis.
By removing the need to switch between tabs or perform manual comparisons, PacketSprinter makes race condition testing faster and more effective.
Key Features
- Streamlined Parallel Requests: Execute parallel HTTP/2 requests using the single-packet attack methodology.
- Effortless Duplication and Editing: Quickly duplicate requests and customize them within the same interface.
- Response Comparison Made Simple: View requests and responses side-by-side, with automatic highlighting of key differences.
- User-Friendly Design: A clean, intuitive interface tailored to enhance productivity.
How to Get Started
To try PacketSprinter, download the latest JAR file and load it into Burp Suite via Extender > Extensions. After loading, right-click on a request in Proxy or Repeater, select PacketSprinter: Send Requests in Parallel, and you’re ready to begin.
Limitations and Future Plans
Currently, PacketSprinter supports HTTP/2 single-packet attack techniques but does not yet include support for HTTP/1.1 last-byte synchronization or HTTP/3. HTTP/1.1 functionality is actively in development and will be included in a future release. HTTP/3 support is under evaluation, though there are no immediate plans for implementation.
Not Yet in the BApp Store
While PacketSprinter has been submitted for inclusion in the Burp Suite BApp Store, it is not yet available there. For now, you can download and use the extension directly from our GitHub repository.
Contribute or Share Feedback
We value community input and encourage contributions, feature suggestions, and bug reports. Please feel free to reach out via the GitHub Issues page with your thoughts and feedback. Your input will help us make PacketSprinter even better.
Conclusion
PacketSprinter represents a significant innovation in HTTP/2 race condition testing. By simplifying workflows and introducing intuitive features, it empowers researchers and penetration testers to detect and exploit vulnerabilities with ease. While we await its addition to the BApp Store, we invite you to download PacketSprinter today and experience a smarter approach to testing.
We look forward to hearing about the vulnerabilities you uncover using PacketSprinter!
You must be logged in to post a comment.