Burp Extensions - Page 2 - Burp Suite User Forum

WebSockets - Message Size Limit

Hi - I've dropped support a message about this, however, I just thought I'd try here too just in case anybody else has had a similar issue. I'm utilising the Montoya API in a Burp extension to test an app that uses WSS....

Burpsuite Extension Reshaper and Custom Send To doesn't work

I am trying to run a Linux command within Burp Suite. First, I tried to use the Reshaper Extension to "Run Process" as a command line in Linux. Please see my setup below: When: Event Direction: Request Then: ...

HTTP Request Smuggler - Dashboard Items Not Working

Running Burp Pro 2024.3.1.4 and HTTP Request Smuggler v2.16 on MacOS 14.4.1 When I run a Smuggle Probe on a request, the findings appear in the Dashboard's Summary tab but they do not appear in the Issues tab. If I try...

messageEditorHttpRequestResponse cannot update multiple http headers

Hi there, I tried to use montoya to update 2 http headers messageEditorHttpRequestResponse.setRequest(messageEditorHttpRequestResponse.requestResponse().request().withUpdatedHeader("header1", "test1")); // ...

Request Highlighting

I'm working on a new ScanCheck Burp extension and running into some issues using the highlighting functionality. AuditInsertionPoint (e.g. as created using AuditInsertionPoint.auditInsertionPoint()) has a method...

Can't complete ' Reflected XSS protected by very strict CSP, with dangling markup attack '

Hi, I tried to complete "Reflected XSS protected by very strict CSP, with dangling markup attack" but in the part use the payload to get the `window.name`. I can't get in Burp Collaborator or in log's exploit server. Is it...

Check if a BCheck is already installed

Hi, I've used the method importBCheck() that will run on startup. However, if the BCheck is already installed, it just duplicates the BCheck. I've hacked a solution to look at the path key in the user json to see if...

Bcheck enhancement

Hello: I had the same idea of devlop some script engine to achive burp scanner rule like bcheck and completed recently,which was based yaml.So I want to discuss with you about the bcheck ability： 1. would you consider to...

Failed to load Python interpreter from Jython JAR file

Hello Dear, I am facing an error. I am not able to add my extension in Burp. I am getting the follow error: java.lang.Exception: Failed to load Python interpreter from Jython JAR file at burp.a3t.<init>(Unknown...

I cannot install Autorize extension from BApp

I'm enrolled in APISec University and I'm trying to install Autorize, but keep getting errors. I follow the instructions, but keep getting errors regardless of which method I use to try and install it.

How do I get Add Custom Header extension to work

I've input the Header name and value but the custom header doesn't show up in requests in Proxy. Are there any alternatives? It would be good if this worked - many programs require it

Not able to convert string to JSON object in Burp Extension using Montoya API

Gson gson = new GsonBuilder().setPrettyPrinting().create(); String jsonString = "{ \"name\" : \"John\", \"age\" : \"20\", \"address\" : \"some address\" }"; JsonElement jelem = gson.fromJson(jsonString,...

ClassNotFoundException from extension using Jersey

Dear support, I have written an extension that is using behind the scene Jersey. Jersey is an open source framework for developing RESTful Web Services in Java. It provides support for JAX-RS APIs and serves as a JAX-RS...

Accessing Requests of Audit issue with No Response in Burp Suite Using an Extension

I have an issue detected by the issue handler in Burp Suite, where a time-based SQL Injection vulnerability is identified but there's no response in the issue details, only a request. How can I access this request using an...

Extensions Development - Burp Launching and Licensing Issue

Hi All, I am beginning to contribute to a Burp Suite extension and I'm running into some issues debugging. I have followed the instructions in this thread:...

JWT Editor cannot be loaded anymore

Hi, I installed the Burp Extension "JWT Editor" and used it for a couple of days. Now it is not loaded anymore when I start Burp. I unloaded and reloaded it, removed and re-installed it, JWT Editor is simply not working...

request().url() return value inconsistent

While working on an extension I came across an odd behavior but I'm not sure if it's expected or something with my extension code. It looks like for some reason, the HttpReuqestResponse.request().url() returns different...

sqlpyi

Hi I am trying to install sqlpyi but its not working , i tried many things but its showing sqlmap api is not running.I am using window machine. Colud you help me for this issue. Below some error when i tried to run...

api to toggle request method and body encoding

Hello Is there some api support to toggle http request? I konw the toggleRequestMethod can be use to toggle method from GET and POST，is there some one support toggle param to mutipart param in montoya api(like use it in the...

Are Jython extensions deprecated?

Hello, I was looking into writing an extension, and all of the current documentation seems to indicate it should be done in Java via the new Montoya API. Is Jython support going to go the way of the old extender API?...