Burp Extensions

Burp Suite Professional

I paid for a Burp Suite Professional license this morning, but as yet I have not received any notification from you confirming the payment and that I can download and install the software.

I've paid by Paypal for a Licence, but no key appear in my interface

I've paid today for a Individual Licence for Burp Profesional (Please check my Paypal Payment : transaction number : 24N397264K392581N) Could you tell me what the licence key is, because nothing appear in my interface....

Manual Install of Burp Extension

Hi, I hope I didn't miss it anywhere on the website, but I couldn't find how to install a local Jython extension in Burp through the Manual Install-button in the BApp Store tab. The extension runs fine in...

Additional Scanner Checks - Does it report HTTP 404 & 403 pages?

Hi, I am wondering if the Burp Extension - Additional Scanner Checks reports missing HTTP headers for HTTP 404 & 403 pages?

Can't Add a Extension to be Executed by session handling rule for checking invalid session

Hi, First off just wanted to say that you guys have been doing a great job with Burp, it pretty much covers 85 - 95% of my daily web app pentesting needs with the core functionalities. So my problem is exactly as stated...

Jython - ImportError: No module named expatreader

Hi, I would like to use defusedxml package. I am using Jython 2.7.1 standelone and I created virtual pyhton env where I installed defusedxml. I set up in bup extender "folder for loading modules" to -...

Scan Configuration

I am building an extension that calls doActiveScan and doPassiveScan. Is there a way to specify the scanner configuration. Currently tasks are created and there is a default scanner configuration used named Current auditing...

Autorize

Do i need to buy burp suite Pro to use autorize?

WebSocket API

I'm dealing more and more with websockets: is there _any_ way to modify requests on the fly? I'm not afraid of writing a custom extension or fiddle with scripting my own tools. FWIW, if you provide some guidance, I could...

Custom Extension for Whitelisting

Burp Suite Pro v1.7.23 Is it possible to skip a certain link/URL for specific checks (e.g. CSRF, SQL Injection) during a scan, while remaining them ticked in Scanner Options? So for better visualization, I'll provide a...

Burpsuite Pro v1.7.30

BApp Store - Attack Selector extension - Description has a misspelling: "Qiuick scan"

Outdated extensions and open pull requests

Hello, some extensions (like "Add Custom Header") don't have their latest version available in the BAppStore, and that lasts for a few months (and I hate having to maintain private versions) First, I wonder how the...

Failed to update Bapp List

Hi, My burp store list fails to be updated. I am using my employer's proxy settings and it may create some conflicts OR block some traffic. Do you have any work around this problem? Do you know how I can investigate and...

Get All URLs from a Website

Hello, I am currently writing a burp Extension. I need to get all URLs from the Website before the active Scan. How can I do this? Thanks

Pause scanner from extension

Is there any API to pause the scanner from an extension? For example, let's say you are scanning an API with a rate limiter, and your extension can detect that you are getting close to the limit, can it pause the scanner to...

hi

OpenAPI Parser

I am not able to get the OpenAPI Parser to work. I keep getting an error message saying that "The OpenAPI specification contained in <file name> is ill formed and cannot be parsed". However, the very same file can be...

Payload generator UUID

Is there an extension of the burp that create UUIDs on payloads?

Burp Carbonator does not work for me

I am trying to play around with the carbonator feature of Burp using the demo.testfire application as a test run and had a few questions and issues. Issues: I have installed carbonator and using the command " java -jar...