Burp Extensions - Page 2 - Burp Suite User Forum

Turbo Intruder with Session Handling Rules

Hello to all, I'm trying to learn turbo intruder. I created session handling rules for 2FA lab to get CSRF tokens like: get /login post /login post /login2 every time I use repeater or intruder my session handling...

Batch Scan Report Generator - faild to create reports

After the new Burp Professional upgrade version 2022.9.5, Batch Scan Report Generator is failling to create reports. The plugin print the message "Report Generation Complete!" but it it doesn't saved the report to the...

Custom extension not marking requests as "Edited"

I've made an extension in Python that generates and inserts a custom header into all HTTP requests, and it works as-in the custom header is added correctly, but the requests do not have an Edited and Original version. All I...

Macro Items Returning Null

I'm trying to create a Burp Extension that uses values retrieved from a macro, however, macroItems[0].getResponse() returns null. Has anyone come across this error? If so, do you know how to fix it in python? I'm running...

Montoya API - Custom Scanner Check

Hi! Thanks for creating a new Burp Extension API, I am testing the new Montoya API to create a plugin with a custom scanner check. For this I used the ScanCheck interface and within the activeAudit function I would have...

My Burp extension stopped working since the latest Burp update

Hi - since I last updated by Burp, I'm getting a new error when trying to load a custom burp extension: java.lang.Exception: Extension class is not a recognized type at burp.u2_.J(Unknown Source) at...

I cannot install Autorize extension from BApp

Hi currently I am enrolling in a API Security course. I am in a setup lab stage and it requires extension named Autorize. I already followed all the steps including put the stand along jython installer .jar file in python...

Java Deserialization Scanner

Hello, It was checked that Java Deserialization Extension is not working properly anymore. It does not provide correct results while scanning vulnerable to Insecure Deserialization web application. I hope someone can...

no improvement with turbo intruder

Hi I'm doing SQL conditional lab, and I don't see and improvement with the turbo intruder. It's still very slow, especially after 100 requests or so. Are the labs throttled? Also I tried getting latest burp edition just to...

Failed to download BApp File

I can successfully access the BApp Store list and can even access the portswigger.net but somehow neither I am able to install any of the extensions nor I am able to update Burp through "Help" menu it will show/load new...

Chrome's Dom Invader buggy on sites protected by recaptcha

Hello, I am trying to use Dom Invader in order to find DOM XSS vulnerabilities on a website that is protected by google recaptcha. As soon as I enable DOM invader, I am getting logged out and when I try to log in it...

Hash lookup

Hi all, Sometimes I have a hash and want to reverse it to find the original text and the used hash algorithm. I want to ask if there is any extension that performs hash lookup. Thanks

BurnSuite website SSL error

I have configured Firefox to used Burp as proxy and everything works fine, except for one website. At the first "get request" everything works as it should be, that is, passed the traffic to burp and then i forwarded it....

Carbonator : No HTTPS traffic

I have configured carbonator and I am running the following command java -jar -Xmx2g -Djava.awt.headless=true /home/webscanner/BurpSuitePro/burpsuite_pro.jar https example.com 443 / --user-config-file=Config/userNew.json...

Burp wasn't intercepting localhost in brave browser

I'm using brave browser and wasn't able to intercept traffic in localhost anyone knows any fix on this? Thank you! - Certificate is okay - Other sites was intercepted

Email regard

Hi Team, I set up email notification in Burpsuit. when the site is scanning I want to get report by mail. I am receiving summary report but i want to get detailed report how to setup to get detailed report.

[Param Miner] Cachebuster in the User-Agent headers causes CloudFlare 403 block

Param miner automatically adds a cache buster to the user-agent, this gets blocked by CloudFlare. I've attempted everything, please how can I stop this behaviour??? Is there a workaround ???

How do I make line wrap?

How can I make line wrap enable for the string response with the function txtInput.setText()?

Unable to load installed extension.

Hi Team I have downloaded some extensions from BApp store but unable load them in burp menu bar for e.g. J2EE scan. When i check the load option under extender menu it shows success but does not shows anything in menu bar....

How do I perform manual checks like a batch?

Hello Burp Users, I don't want to perform any crawling or automated scans for my testing. I have about 50 - 100 requests that I want to send to the target and evaluate the raw responses. Are there any burp extensions to...