Burp Extensions - Page 19 - Burp Suite User Forum

http request smuggle (http/2 smuggle probe)

The h2.cl request smuggling lab is straight-forward when performing manually. However, want to make sure the extent to which i can rely on the extension and scanner for detection. When i run the http/2 smuggle probe it...

Burp Intruder consuming all RAM memory

When using Turbo intruder for brute force attack with 29 million passwords, the extension consumes all ram memory in few hours. My laptop has 32GB of RAM. What would be the problem? Why does the turbo intruder store...

addCustomeHeader is not available in rules dropdowwn to select

Hi Team, I have added custom headers in addCustomHeader extention and trying to integrate with session by tagging it to Rules. But when i tried to select extention, its not available in dropdown. Thansk

Failed to Upload Active Scan ++ in Burp Enterprise Edition

I want to add the active scan++ extension to my Burp Enterprise Edition. I've downloaded the active scan++ bapp file from the Bapp store. While trying to add/upload this file in extensions, it says 'Unsupported Bapp...

Burp Suit Professional 2022.3.1 is not supporting HTML tag

Hi team, We have one extension in which we have used HTML tags at different places to add color, font and other html features. Our extension was working fine with Burp Suite 2022.2.4 but after we upgraded to the newer...

Formatinng scanIssue

Hi, I am new to writing extensions in Burp and was just wondering how I can format the scan issues. With the Issue Detail I would like to colour code parts of the message, but whilst the API mention it accepts limited...

Lab: Exploiting HTTP request smuggling to bypass front-end security controls, TE.CL vulnerability

Good morning, The following request in the provided solution did work for me but I don't understand how it's calculated. POST / HTTP/1.1 Host: aca11fb21f25e1e3803a19b400f90012.web-security-academy.net Content-Type:...

About audit and how to judge start and end

Basically, I select one request from the history tab, run the audit, and then start auditing the next request after it finishes. I want to play a sound to notify when Audit (doActioveScan) starts and when Audit...

Extensions Load Error

Hello, While installing java or ruby related plugins, plugins with python do not load and give an error message. I tried to download from the bapp store is not installed. Burp Suite Professional 2021.10.3 OS:...

Burp Cookie Jar cookies not applied to requests for any tool

I am currently writing a Java based Burp Extension in order to navigate a complicated authentication system. I found that the macro recorder and other methods built into burp could not handle it, so I resolved to the...

URI as insertion POINT

Hi, I am curious if we can insert out payload inside URI, We have multiple insertion points but all those are related to parameters and there is no insertion point returned for URI while BurpSuite ActiveScan does check...

Burpsuite API: is it possible to change the Socks/HTTP proxy settings through it?

Hello, All's in the title! I have been trying to figure out how to do these things but I could not find any documentation regarding them. Any help would be appreciated.

burp theme change

if anyones got irritation in eyes looking at white burp for a long time then---> https://github.com/CoreyD97/BurpCustomizer/releases download the jar file and open extender and add the extension and u can change the theme...

AMF

What is the current state of AMF support within Burp and Burp plugins? Searching through old support post most AMF support seems very outdated. I'm using Pro 1.7.30. I've tried Blazer. It throws a null pointer...

Turbo intruder error

while I was trying solving Lab: Web shell upload via race condition I launched turbo intruder many times and it was working fine and suddenly there was a message said "User python error, check extender for full details: The...

Issues with loading python modules

except for java, python extenders are not working. please help Thanks Prathik

callbacks.doActiveScan not triggering active scan

Hi Team, I have following code for performing a active scan for a particular request but this is not triggering the active scan instead this throws error as below:- ``` import burp import sys from burp import...

Hackvertor Display issues

Hello! Long time Burp user. I discovered Hackvertor a while back and love the idea of it. I struggle to use it longer term because of a display issue I seem to be having and have tried various things to fix it :( - intel...

Loading external jars from extensions

Hello, I am building a Burp extension and I would like to incorporate external JARs, for example the gson library to store some settings in a file. For the life of me I can't figure out how to get this configured...

Need jar file for Collaborator Everywhere extension

From where can I download Colloborator-everywhere-all.jar I need jar specifically, as I need to load this extension automatically when burp starts.