BurpSuite Extension for encrypting & decrypting bubble.io elasticsearch queries

PortSwigger/bubble-pop

 
 

BubblePop - Bubble.io ElasticSearch decryptor

A Burp Suite extension that enables security testing of Bubble.io applications by automatically decrypting and re-encrypting their Elasticsearch payload data.

Description

BubblePop is a specialized Burp Suite extension designed for security researchers and penetration testers working with Bubble.io applications. Bubble.io applications encrypt their Elasticsearch database queries. This extension automatically handles the decryption & re-encryption, allowing security professionals to analyze and modify database operations during security assessments.

The extension provides:

  • Automatic detection and decryption of Bubble.io ElasticSearch encrypted payloads based on the Bubble AppName
  • Real-time payload inspection through a dedicated message editor tab
  • Seamless re-encryption of modified payloads for request manipulation

Installation

Requirements

  • Burp Suite Professional (2023.10+)
  • Jython support enabled in Burp Suite

Steps

  1. Download the BubblePop.py file from this repository
  2. In Burp Suite, navigate to Extensions → Installed → Add
  3. Select Extension type: Python
  4. Choose the downloaded BubblePop.py file
  5. Click Next to load the extension
  6. Verify installation by checking for the "BubblePop" tab in Burp's main interface

Configuration

  1. Navigate to the BubblePop tab in Burp Suite's main interface
  2. Enter the target Bubble.io application name in the configuration field
  3. Click Save to apply the configuration

Usage Instructions

Basic Usage

  1. Configure the extension with your target Bubble.io AppName
  2. Use Burp's Proxy to intercept traffic from the Bubble.io application
  3. When encrypted Elasticsearch requests are intercepted, look for the BubblePop tab in the message editor
  4. The tab will display the decrypted database queries and JSON data
  5. Modify the decrypted content as needed for your security testing
  6. Forward or repeat the request - the extension automatically re-encrypts your modifications

Credits

This extension implements the encryption research from demon-i386/pop_n_bubble. All credit for the original cryptographic analysis and Python implementation goes to the researchers at that project.

Disclaimer

For authorized security testing only. Don't use this for malicious purposes.

Version History

  • v2.1: Minor code updates to remove unnecessary parts.
  • v2.0: Montoya API migration, background threading, improved error handling
  • v1.0: Initial release with basic decryption functionality
