Burp Extensions - Page 22 - Burp Suite User Forum

How to change proxy by an extension when using intruder

Hello there. I posted a question( http://forum.portswigger.net/thread/1646/change-upstream-proxy-extension ) on forum not long ago, and developer gave me a rather primitive but direct recommendation. Actually, I toke...

burp hangs while shell command completes

Hello, I have an extension which calls a shell command that takes a bit to complete. After invoking this from the context menu, burpsuite hangs and resumes after the command completes. I have tried using threading to avoid...

The scanner report size is not consistant for the same web site.

Hi we have a job (scheduled to run once a day) that invokes BURP (with carbonator extension) through cammand line. this setup is been working for quite a while. when we look at scanner reports we see that some days it is...

How to send a post request?

I read the document and know that we could use `makeHttpRequest` to send request. I've tried that if I used `PARAM_URL`, it success. I've read this thread...

How Does Burp Handle Responses?

Hi, I hope this is not a duplicate question, but I couldn't find the response to it. I wonder if it is worth checking if the response I'm analyzing for the PDF Metadata Extension is actually a PDF file before reading the...

How to transfer some domain’s requests to my server?

I use Burpsuite as a proxy, and I want to collect all the requests of some domain, then send these requests to my server . For example, I want to collect all the requests of [target.com]. When a request like below come...

Running automated scans with Carbonator

We installed Carbonator from within the Burp scanner under the BApp store and ran the following command for as a test: java -jar Xmx2g c:\Users\Desktop\Burpsuite_pro_v1.6..21.jar https://www.google.com. We received the...

Re-writing responses

I am trying to write my first extension to add a csp header to the response. I have found several articles about adding headers to the requests but none for responses. This if my first try, which does not work. Any pointers...

Request and response time API must be implemented for logging functionality.

I have asked in Burp Suite User Forum about "Accessing the response time" for long time ago, and I am waiting for 1.5 years approximately, regarding to http://forum.portswigger.net/thread/686/accessing-response-time...

Adding POST request to site map also adds a GET for same URL

I have a simple class that implements IHttpRequestResponse and IHttpService. I use it to construct a IHttpRequestResponse object that is ultimately added to the site map using IBurpExtenderCallbacks#addToSiteMap. When...

JRuby + Swing: Stderr doesn't go to UI until extension reload

Burp 1.6.20, tried JRuby 1.7.12 and 9.0.0.0.rc1. In registerExtenderCallbacks, I instantiate a class that creates a Swing UI for my extension's configuration. The config UI creates a DefaultTableModel to hold my config...

VirusTotal Extention

Greetings- I've been writing an extension that will take a URL that is intercepted by burp and submit it to VirusTotal for analysis. Here is a snippet: def changeSelection(self, row, col, toggle, extend): ...

Issue with the IBurpExtenderCallbacks method removeHttpListener

I'm trying to remove a HttpListener that I have created. I noticed in the extender javadocs that there is a method called removeHttpListener, however the method doesn't exist in the IBurpExtenderCallbacks.java interface. I'm...

Python interface text control

Hi guys, I am reading the API documentation and i have not clean the funtion that i need to use for my question. Easy question, what API funtion i have to use for control the text portion selected from any part of...

Supported Layout Managers

I've been noticing that when I use certain layout managers in my extension the extension no longer works. It doesn't throw any errors when I'm loading it, but it never creates its tab. What layout managers are actually...

Update the content of the Intruder attack window

I would like to intercept a request after an intruder attack is started. After the intercept, I want to modify the request and send them out. At the moment I'm trying it with a httpListener, but this does not update the...

extender

So this 'issue' has been happening to me for the last few versions of burp suite pro. right now I am running the latest .18 version. In the extender tab i have the option to automatically reload extensions on startup...

Adding a header with ISessionHandlingAction

I have a super simple extension to just jack in a static header for an api authentication on a Backbone site. It doesn't work, and I don't know why. Anyone have any ideas? from burp import IBurpExtender from burp import...

[python] registered callback 'performAction' never called

I want to use a python extension to calculate a custom header I need to read a header, url and body (in case of POST) and calc a SHA1. my code so far: https://paste.cybertinus.nl/p/u33AS8kCnT I double checked al...

Burp plugin that does not launch Burp GUI

We want to write a plugin that runs certain Burp functions, but does so in the background, and without launching the Burp GUI. Is there a way to suppress the GUI while executing certain functions (e.g., Scan)? Please...