Burp Extensions - Page 21 - Burp Suite User Forum

Weird behavior while setting request

Hi, I made an extension to add a custom header to every request, but it seems that it is breaking a lot of pages. An example is those one click captchas, but i also break a lot os SPAs. I want to get some help on how i...

stringToBytes method outputting invalid/incorrect characters

First reported here https://github.com/synfron/ReshaperForBurp/issues/15#issuecomment-1002476347, a user reported that text they entered isn't being properly outputted in Burp Suite. It is outputting with invalid/incorrect...

Log4Shell and Burp "Enterprise edition"

Hi, does anyone managed to get the Log4Shell extension to work on Burp Enterprise Edition ? (not Burp Professional). I can upload the plugin to my BE server, upload the scanning profile...

How to view audit requests generated by Collaborator Everywhere?

I would like to inspect those requests sent by Collaborator Everywhere extension to see whether it works or not. I concern this issue since I cannot get any access log in my Apache2 server used to test (forensic_log mod is...

Log4Shell Scanner and Log4Shell Everywhere

Hello Team, I tried to install Log4Shell Scanner and Log4Shell Everywhere extensions using BApp Store in Burp Extender to test the log4j vulnerability. I have tried the below process: 1. New Scan -> Scan details ->...

Turbo Intruder

Hello team, I'm practicing the upload file vulnerabilities labs now and i tried to solve it with introduce solution but i still getting 400 errors back at the turbo intruder and can't achieve the secret. The lab:"Web...

Add extension to active scan

Hi everyone, Can I add/edit an active scan payloads list? Can I add a custom extension to the active scan extension so my custom extension will be triggered during the active scan as well?

RSS feed for burp extensions

Just like the burp versions, is there an RSS feed for newly added extensions in the bapp store? Or should one write a custom parser on it?

HTTP Request Smuggle false positives

Hello, I've learned a lot on this topic by resolving every lab, but now I have been trying to find them in the real world and when I use this extension many times it finds at possible CL.TE or TE.CL and it always says...

How to invoke a burp enterprise scan with extension from command line / jenkins CICD

Hello, Our organization has a burpsuite enterprise license. We are trying to invoke burp enterprise site (with custom configuration and extension) from jenkins or from REST API - POST screen. I have created a burp...

ip rotate

i have installed the extension IP rotate and require fields. further provided required access key and secret key from aws services. yesterday it was functioning well. but now it is not getting enabled only and at the same...

Issue with ATOR Loading an Access Token

I seem to be having an issue with the way that ATOR is pulling an access token from a Request. I have dug into the issue and it appears to not be properly pulling the token and replacing it in my requests. I tried a few...

Errors when installing python/jython extensions

When installing a python extension such as Authorize I'm getting this error. Traceback (most recent call last): File "/home/myhome/.BurpSuite/bapps/f9bbac8c4acf4aefa4d7dc92a991af2f/Autorize.py", line 9, in <module> ...

burpsuite

hello, am using MacBook pro M1 and i was able to download Kali linux but the burpsuite is not found on the virtual machine. any help?

How to update the Multipart Attributes parameter correctly?

Dear support, I'm working on an extension that modifies the multipart attributes of a file that is uploaded via a multipart request. See the example request below: POST /doUpload.action HTTP/1.1 Host:...

How to make requests from custom scan checks appear in the Logger tab of the task

Hello, After performing an active scan, I usually go into Dashboard >> "View Details" of the task >> Logger tab to see the requests that were done and how the server responded to them. However I noticed that requests...

what is the positive or false positive? Or do you need to solve the problem? Cookie manipulation (DOM-based)

I have a question, would you like to know false positive or positive? Or do you need to fix? HTTP/1.1 200 OK Date: Mon, 13 Sep 2021 14:03:31 GMT Server: Apache Strict-Transport-Security: max-age=31536000;...

intrusive or not

Hi, How do I know if an extension I'm interested in, is intrusive or not. My goal for the time being is to run scan that will not harm the location/DB/code that I'm scanning

iprotate extensions

hello all i have configured jython and I used my credentials in IP rotate and still not able to rotate ips my IP is not rotating.. Please help

Error in python burp extensions

Hello everybody, I have this error when try to enable python burp extensions : " java.lang.Exception: Failed to open Jython JAR file at burp.a8h.<init>(Unknown Source) at burp.dhy.a(Unknown Source) at...