Burp Extensions - Page 15 - Burp Suite User Forum

Bug: JWT Editor , Sign Dialog broke. Can't apply Key to edited JWT

steps to repro Environment Kali, latest Install latest JWT Editor (as of 12/21/2022 from the baapps store) Download LATEST Burp Pro Jar (12/21.2022) and configure to run it Java installed: Picked up _JAVA_OPTIONS:...

Temporarily deregister and reregister a Registration?

Hi all, I'm developing an extension utilizing the new Montoya API. I'm registering an HTTP handler as is done in the API examples: Registration headerHandler = api.proxy().registerRequestHandler(new...

Upload scanner " crashed while testing file upload functionality

When I am forwarding the file upload request and response to upload scanner , it get crashed and throws error " unable to generate automatic log report" I am able to forward request- response to upload scanner and start...

HTTP Request Smuggler - vs - LAB: CL.0 request smuggling

Although I was able to solve the 'CL.0 request smuggling' lab, I have not been able to make the 'HTTP Request Smuggler' extension find the flaw (or its location) when performing the probes. - I have attempted to target the...

Unknown object 'burp.tn5' causing AttributeError in consolidateDuplicateIssues method

An unknown object 'burp.tn5' is being passed into consolidateDuplicateIssues method which is causing the following exception to occur. I am unable to figure out the reasoning. I have provided snippets of code to assist...

Set highlight and Set comment

When calling the Extender by selecting a request already obtained in Burp's http history, I want to reflect the Highlight and Comment set in the Extender to the selected request. Can I do that with setHighlight and...

How to resize the http request smuggler when you select 'Launch all scans'?

Does anyone encounter this issue? When I select 'Launch all scans' with 'http request smuggler' extension, then I am able to see the full windows. That means I can't even see the 'ok' button and have no way to click on it....

IMessageEditorTab only for scope URL

I am trying to add a custom tab for requests using IMessageEditorTabFactory and IMessageEditorTab in python. I am trying to get details of the request and check if the URL is in scope or not and it shows a tab for the scope...

WebSocket messages being truncated to 4096 bytes

Hello! I'm using websocket handlers in my extension, and all binary messages (passed to me as bytearrays) I receive are truncated to 4096 bytes. Obviously this breaks functionality in my extension when the server sends...

HTTP Request Smuggler, invalid poc type

Hello, trying Burp Academy and catch the issue with above extension, by simply pushing Extensions > HTTP Request Smuggler > Smuggle probe and error message pane I can see: Establishing 1 connection to...

Burp Enterprise Extension Development Environment

Hello ! I would like to develop a custom BurpSuite Enterprise Extension in Java but I encounter some issues using my JAR file. It is successfully loaded in Burp but when fails to run when I launch a new scan using it. I...

cannot load burp python extensions

java.lang.Exception: Failed to load Python interpreter from Jython JAR file at burp.c8o.<init>(Unknown Source) at burp.ba0.a(Unknown Source) at burp.ctj.lambda$panelLoaded$0(Unknown Source) at...

Match and Replace "user agent" to match Mobile phone is not working

Hello, i have burp pro and i want to scan (deep) a web https site that is working only on low Resolution like Mobile. In Proxy - Options - we have the feature Match and Replace, i choose (V) the default option of user...

Jython ImportError: cannot import name LineBorder

Hello, I'm working on a burp extension. I have this error when I try Burp Extension with LineBorder class. I'm using Jython 2.7.3 this is the error message. from java.awt import BorderLayout, Color,...

Exception after adding BouncyCastle libraries bcpkix into the project

Hi, I'm currently trying to do an extension based off the new Montoya API that help me sign request using a PKCS1 Key. However, Java does not support PKCS1 key out of the box and require the usage of BouncyCastle. After...

Replace/Update Cookie

Hi, Is there any extension, which can be invoked using the session handling rule: "invoke a Burp Extension", which can replace or update any cookie value? Thanks, Arpit

Freezing application when using JWT Extension when trying to signing a key

Hi, I use JWT Edioter Key Extension, when I'm trying to sign a new symmetric key direct into request, the whole application freezing and no response. Any tips to fix this? My system: Windows 10 - 64bit

Create multiple HTTP requests from a single intercepted proxy request

Hello Team, I have my proxy listener on. I am trying to write a burp extension in python to loop over a list of payloads and replace the parameters in the body with the elements of the payloads list. I was not able to...

Context menu items for WebSocket messages

Hello! It is possible to use the API call `registerContextMenuItemsProvider()` (in Montoya) in order to provide context menu options for issues, HTTP request and responses. However, I'm unable to find a way to do the...

java.lang.Exception: Extension class is not a recognized type

java.lang.Exception: Extension class is not a recognized type at burp.ao0.M(Unknown Source) at burp.ao0.l(Unknown Source) at burp.wf8.t(Unknown Source) at burp.cci.o(Unknown Source) at...