Burp Suite User Forum

Create new post

Montaya extension examples

For the old API (weiner) there was example in java, python and ruby. For the new montaya API there are only examples in java. Please add examples in python and ruby too.

Last updated: Nov 20, 2023 11:00AM UTC | 2 Agent replies | 2 Community replies | Burp Extensions

Python Extension Loading Errors

I'm encountering this issue with all Python extensions from the BApp store and my personal extensions. This started to happen after a burp update at some point. I'm currently running 2023.10.3.4 but this started to happen...

Last updated: Nov 17, 2023 04:08PM UTC | 3 Agent replies | 2 Community replies | Burp Extensions

HTTP Request Smuggler CLI

Hello portswigger, I want to use the HTTP Request Smuggler extender as cli, how can I do it? Regards.

Last updated: Nov 17, 2023 10:09AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Multiple IMessageEditorTab

I am working on creating two IMessageEditorTabs, one for requests and the other for responses. I know that I could use just one IMessageEditorTab and check whether the message is a request or response inside it. However, I...

Last updated: Nov 16, 2023 10:06AM UTC | 2 Agent replies | 1 Community replies | Burp Extensions

Log4jShell scanner removed? Does Active scan++ supports Log4jshell?

Hi, Any reason why Log4jShell scanner extension is removed from BApp Store? Also, since Log4jShell scanner removed, does for all the below variants are supported by Active scan++ Feature Log4Shell scanner (this...

Last updated: Nov 16, 2023 07:52AM UTC | 2 Agent replies | 1 Community replies | Burp Extensions

HTTP Request Smuggler doesn't work

HTTP Request Smuggler is not working properly, when I start Attack, it does not proceed from "ENGINE WARMING UP". The execution environment is as follows. ・Burp suite:2023.10.2.3 -2023-10-02 ・Extension : Both are the...

Last updated: Nov 15, 2023 02:01PM UTC | 5 Agent replies | 7 Community replies | Burp Extensions

I can't install Highlighter and Extractor extension

Hi! I have a problem with the "Highlighter and Extractor" extension, it happens that when I want to install it from the BApp Store or manually, it gives me the following error: java.lang.Exception: Extension class is not...

Last updated: Nov 08, 2023 02:51PM UTC | 3 Agent replies | 5 Community replies | Burp Extensions

Batch Scan Report Generator - faild to create reports

After the new Burp Professional upgrade version 2022.9.5, Batch Scan Report Generator is failling to create reports. The plugin print the message "Report Generation Complete!" but it it doesn't saved the report to the...

Last updated: Nov 07, 2023 11:34AM UTC | 3 Agent replies | 2 Community replies | Burp Extensions

Montoya API: Burp 2023.10.2.4: java.lang.Exception: Extension class is not a recognized type

I have created a helloworld extension using the Montoya java code and getting the below error when I try to load (exported runnable jar: helloworld.jar) it in Burp UI: java.lang.Exception: Extension class is not a...

Last updated: Nov 07, 2023 10:14AM UTC | 2 Agent replies | 2 Community replies | Burp Extensions

Error in JRuby extension in newest Burp versions

Hello, I've started to get errors in JRuby extension starting from v10 of Burp Community Edition (MacOS M1). JRuby version is 9.3.11.0 The error is raised when 'net/http' library is used. The error...

Last updated: Nov 06, 2023 10:40AM UTC | 2 Agent replies | 1 Community replies | Burp Extensions

CO2 extension marked by antiviruses as malware

The CO2 extension is considered malware by more AV/EDR vendors. I could not find a reason behind it and our EDR vendor did not share their reasons either. Do you have a clue what is going on here? The page for the...

Last updated: Nov 06, 2023 10:20AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Show changed responses from Extension in Repeater tab

Hello! I develop my custom extension (using Montoya API) which modifies request from the Repeater before sending it to the target host. It works great - in Logger I see all changes. But I am also want to see modified...

Last updated: Oct 30, 2023 02:37PM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Time based request

Hi Team, Does burp suite has any functionality wherein it can revoke either an extension or a request after a certain period of time? Or any extension having the functionality wherein it can send a request after a...

Last updated: Oct 30, 2023 09:52AM UTC | 4 Agent replies | 4 Community replies | Burp Extensions

Turbo Intruder - race-single-packet-attack.py Not queueing requests

Hello, I'm doing some research regarding James Kettle's single packet race conditions. I've tried his probe script as well as race-single-packet-attack.py but it doesn't actually queue the requests. The majority of...

Last updated: Oct 30, 2023 09:09AM UTC | 1 Agent replies | 1 Community replies | Burp Extensions

Does Burp create a copy of an installed extension?

When developing a new extension, one has to install it multiple times. I noticed that Burp Suite will keep track of where the JAR is originally located when you add it as an extension. I was curious if it's possible...

Last updated: Oct 25, 2023 04:24PM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Turbo Intruder: Script with randomly generated strings

The integrated Intruder is great, but I still wanted to use the speed of the Turbo Intruder for some tests in our fuzzy lab. The handling of the characterstrings to be generated has to be very flexible and this is what came...

Last updated: Oct 24, 2023 12:43PM UTC | 1 Agent replies | 1 Community replies | Burp Extensions

Error Message: 'Configuration JSON Found' in Burp Suite Extension Loading

I'm using burpsuite pro v2023.10.3.1 and I'm currently facing an issue while loading extension on java and python enviroment. I can install java 18 in windows11 and i have loaded jython-standalone. When I attempt to load an...

Last updated: Oct 23, 2023 04:43PM UTC | 2 Agent replies | 1 Community replies | Burp Extensions

Turbo intruder has encoding base64??

Hi dear İ have a target it's login page encoded with base64 (user password) i easily could attacked successfully with intruder because it had payload rule that encoding credentials to base64 or hash or .... but in turbu...

Last updated: Oct 23, 2023 10:33AM UTC | 4 Agent replies | 3 Community replies | Burp Extensions

extension error when load in java environment

"I'm encountering an issue in Burp Suite where I receive a 'configuration JSON found' error message when trying to load an extension. Could you please help me diagnose and resolve this problem?" "I've come across an...

Last updated: Oct 23, 2023 09:04AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Single Connection in BCheck

I am creating a BCheck on Client-Desync and Request Smuggling and I need to be able to configure the BCheck to perform the requests in "Single Connection" mode but I don't see how to do it in the documentation.

Last updated: Oct 20, 2023 12:28PM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Page 2 of 47

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image