Burp Extensions - Burp Suite User Forum

burp suite 2020.1

i am using community edition ill try every thing but intercept not caputering data target also not working ill try like add burp certificate proxy switcher restore default but not working ; i have also one problem when i am...

Extensions Load Error

hello, While installing java or ruby related plugins, plugins with python do not load and give an error message. The plugin I wrote and the plugin I tried to download from the bapp store is not installed. jruby version :...

Private Burp Collaborator Server: Unexpected Exceptions - Problem handling DNS requests

Hello, I am running a private Burp Collaborator Server (current version of Burp) on an AWS EC2 instance. It's working and all health check tests were successful, but I found a lot of error messages in the...

How can I get add a detachable suite tab for my extension?

I'm writing a Burp Extension that adds a suite tab. I'd like to be able to detach this suite tab like you can with other tools from Window -> Detach [toolname]. How can I go about this?

Burp Suite Professional fails to download

Every time I try to download Burp Suite Professional, it does not download. It remains in the downloading loop without actually downloading the app for hours. The community version downloads and the license for the...

boto3 iprotate

hi everyone could somebody helps me to load boto3 in burp suite in order to change my ip with IP_rotate? I don't know which script i have to write to establish a connection with the aws cloud?? Thank you

How to extract PDF reports from Burp Suite.

The option of saving the report is only to HTML or XML format. How to save in PDF format

carbonator for remote scan

I have installed carbonator,java and jython. I have configured proxy, upstream proxy and intercept to be turned off. The same configuration is saved and I m using this in commandline. java -jar -Xmx2g...

IResponseVariations list with details

Hi, I need to use the IResponseVariations for an extension. I enumerated the attributes using the getVariantAttributes and getInvariantAttributes but I'm not sure on the meaning of all the attributes/attribute...

Wsdler

I have had success in the past using this extension to parse out operations associated with a web service and generates SOAP requests that can then be sent to the SOAP endpoints. However, with Burp v 2020.9.2 on Windows,...

How to highlight the tab of an extension?

Hi, I am working on an extension which has its own tab, it uses regex to search for a specific pattern in an HTTP response. I want to notify the BurpSuite user once the pattern is found, just like what `Proxy` tab does...

WebSocket API

I'm dealing more and more with websockets: is there _any_ way to modify requests on the fly? I'm not afraid of writing a custom extension or fiddle with scripting my own tools. FWIW, if you provide some guidance, I could...

Safety of Bapp Extensions

What does portswigger do in terms of reviewing submitted extensions for safety. Malware/virus scan? Code review? Static/dynamic security analysis? Or are they offered as "use at your own risk"?

Scan Configuration

I am building an extension that calls doActiveScan and doPassiveScan. Is there a way to specify the scanner configuration. Currently tasks are created and there is a default scanner configuration used named Current auditing...

Burp Scanner stuck

Hi, I have just stated an unauthenticated scan for one of our website which is accessible through internal VPN only. since last more than 1 hour, I can see that Burp has got stuck on " Unauthenticated crawl. Estimating time...

using IMessageEditorController in Repeater

Hi guys, I am trying to create an extension that adds a tab to the message editor where I need to access request values like the url in the response tab. As far as I know this is done using the getRequest method of the...

Send a request through the proxy

Is there a way to send extension request through the proxy? I would like to add the output of one extension to the proxy history. Thanks.

Lab: Exploiting HTTP request smuggling to bypass front-end security controls, TE.CL vulnerability

Good morning, The following request in the provided solution did work for me but I don't understand how it's calculated. POST / HTTP/1.1 Host: aca11fb21f25e1e3803a19b400f90012.web-security-academy.net Content-Type:...

Created new burp extension for intruder

Hi, Created a new burp extension for intruder. With this extension users can use Hashcat Maskprocessor arguments to create a bruteforce attack. If this code fits in "BApp Store" here is my...

Lab: Combining web cache poisoning vulnerabilities

Has anyone noticed an issue with Param Miner not able to find the headers required for this lab? Not sure if it's my Param Miner, my Burp, or the lab itself. I've tried by disabling nearly all the other extensions, but my...