This plugin is a script developed in Java as an extender to the Burp Proxy API (Pro/Community).
Installation with NGINX and SSL Enabled (Self-Signed Certificate)
To use the Burp plugin with NGINX and SSL enabled, you need the Common Name (e.g. server FQDN or YOUR name) that was set when the NGINX certificate was created:
$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/faraday.key -out /etc/ssl/faraday.crt
1. To open /etc/hosts file, execute:
2. Add the following line to the file, save it, and then close it:
<IP> <Common Name NGINX Cert>
3. Now, execute the following command:
$ openssl s_client -connect <IP>:443
4. See the output and save from:
Into a file with extension .crt
5. Navigate into:
$ cd <JAVA_HOME>/jre/lib/security
6. Now execute:
$ keytool -import -v -trustcacerts -alias faraday -file ./<PATH_TO_CERT.CRT> -keystore cacerts
7. If it's all correct, you should navigate to:
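For steps 3 to 6 above, the following added example (not part of Faraday's documentation or code) extracts the served certificate from saved `openssl s_client` output and keeps it only if its SHA-256 fingerprint matches the one taken from /etc/ssl/faraday.crt on the server, so a certificate substituted in transit never reaches the JVM truststore. The function names and the file names s_client.out and faraday.crt are assumptions.

```shell
# Added example, not Faraday's code. Function and file names are assumptions.
# On the server:  openssl x509 -in /etc/ssl/faraday.crt -noout -fingerprint -sha256
# On the client:  openssl s_client -connect <IP>:443 </dev/null > s_client.out
#                 save_if_trusted s_client.out "<server fingerprint>" faraday.crt

# Print the first PEM certificate block (the server's own) from stdin.
extract_leaf_pem() {
  awk '/^-----BEGIN CERTIFICATE-----/ { p = 1 }
       p { print }
       p && /^-----END CERTIFICATE-----/ { exit }'
}

# Reduce "sha256 Fingerprint=AA:BB:..." or bare hex to lowercase hex.
normalize_fp() {
  printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'A-F' 'a-f'
}

# SHA-256 fingerprint of a PEM certificate file, normalised.
cert_fp() {
  normalize_fp "$(openssl x509 -in "$1" -noout -fingerprint -sha256)"
}

# $1 = saved s_client output, $2 = fingerprint from the server, $3 = .crt to write
# Returns 0 and keeps $3 only when the served certificate matches $2.
save_if_trusted() {
  extract_leaf_pem < "$1" > "$3" || return 2
  if [ ! -s "$3" ]; then
    rm -f "$3"; echo "no certificate found in $1" >&2; return 2
  fi
  served_fp=$(cert_fp "$3")
  if [ -n "$served_fp" ] && [ "$served_fp" = "$(normalize_fp "$2")" ]; then
    echo "fingerprint matches: $3 can be imported with keytool"
  else
    rm -f "$3"; echo "fingerprint mismatch: $3 discarded" >&2; return 1
  fi
}
```

Run the keytool import from step 6 only on a file that `save_if_trusted` kept.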
To download Faraday's Burp extension, follow this link
Once you have downloaded the extension, open Burp, and follow these steps:
Go to Extender -> Extensions and click the Add button.
In the Extension Details section, the extension type should be Java, and the extension file should be the path to the faraday-burp-plugin-v2.jar file that you downloaded above.
Click Next, and if everything went well, you should see no errors and you can close the window.
Now, make sure the extension is loaded in the Extensions tab.
Once the Faraday extension is loaded into your Burp, you will see a new tab called "Faraday".
Here, you can log in to Faraday and you can edit the extension's settings:
Login to Faraday
To connect Faraday's Burp extension to Faraday, follow these steps:
Set your Faraday Server URL. This should point to the same URL that you use when connecting to the Faraday Server WebUI (e.g. http://127.0.0.1:5985).
Connect Burp to Faraday by clicking on the Connect button.
Once you are connected, enter your Faraday credentials: username, password, and 2FA token (if applicable).
Log in to Faraday by clicking the Login button. If everything goes well, Burp should pop up a Login successful! modal.
Once you are logged in, you can edit the extension's settings.
From here, you can:
Choose the workspace you want to work in.
Choose whether the vulnerabilities should be imported automatically or not (it's disabled by default).
Import the vulnerabilities you've found so far.
Check if you want to use only Burp's scope.
From here, you can Restore Settings to default.
Send to Faraday
Once you have everything set up, you can send the issues or requests to Faraday.