Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

How can I move burp extension folder elswhere ?

My username on this computer has a non ascii character in it, this causes problems to load any python extensions. I can't change my username on the computer (company policy T^T) so the only for me to load any python...

Last updated: Feb 07, 2022 08:30AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Python extension works with new header but unable to replace existing header?

Hey all, I was wondering if I could have some help with this extension. I have been able to pull my existing Cookie header, as well as successfully modify it. However the modification anywhere. It does not appear in the...

Last updated: Jan 25, 2022 08:37AM UTC | 1 Agent replies | 1 Community replies | Burp Extensions

Log4Shell Scanner & Log4Shell Everywhere

Hi, I configure Log4Shell Scanner & Log4Shell Everywhere addon in my burpsuite professional to detect the log4j vulnerability. Once after craw & audit completed for the log4j vulnerable application, I couldn't found the...

Last updated: Jan 18, 2022 08:52AM UTC | 3 Agent replies | 3 Community replies | Burp Extensions

Match the string and grep entry line

Hello community, I need small help,if I give a string,then match the string in response and show the total affected line. For example:aws_key match I need to write my tool, I need help.

Last updated: Jan 14, 2022 10:51AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Example of replacing and or adding a cookie via Burp Extender in Python?

Hey all, relatively new to Burp extensions. I've been trying to find an example of Burp Extender Python snippet that adds a custom Cookie either to every request or to the cookie jar. Does anyone have any Python code...

Last updated: Jan 13, 2022 12:14PM UTC | 3 Agent replies | 3 Community replies | Burp Extensions

how to load request[]

mycode: byte[] request = callbacks.getHelpers().stringToBytes(Config.CSRF_REQUEST); IRequestInfo requestInfo = callbacks.getHelpers().analyzeRequest(request); List<String> header_list =...

Last updated: Jan 12, 2022 01:47AM UTC | 1 Agent replies | 1 Community replies | Burp Extensions

Allow Extensions to Bypass Global Timeout

Hi, we're testing a system that does not send a response on successful exploitation. In ActiveScan the Status changes to "Errors: request timeout" and the vulnerability isn't reported. When using a modified...

Last updated: Jan 07, 2022 11:40AM UTC | 2 Agent replies | 0 Community replies | Burp Extensions

Log4Shell and Burp "Enterprise edition"

Hi, does anyone managed to get the Log4Shell extension to work on Burp Enterprise Edition ? (not Burp Professional). I can upload the plugin to my BE server, upload the scanning profile...

Last updated: Jan 06, 2022 12:36PM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Weird behavior while setting request

Hi, I made an extension to add a custom header to every request, but it seems that it is breaking a lot of pages. An example is those one click captchas, but i also break a lot os SPAs. I want to get some help on how i...

Last updated: Jan 05, 2022 06:00PM UTC | 1 Agent replies | 1 Community replies | Burp Extensions

stringToBytes method outputting invalid/incorrect characters

First reported here https://github.com/synfron/ReshaperForBurp/issues/15#issuecomment-1002476347, a user reported that text they entered isn't being properly outputted in Burp Suite. It is outputting with invalid/incorrect...

Last updated: Jan 05, 2022 05:31PM UTC | 2 Agent replies | 1 Community replies | Burp Extensions

Log4Shell and Burp "Enterprise edition"

Hi, does anyone managed to get the Log4Shell extension to work on Burp Enterprise Edition ? (not Burp Professional). I can upload the plugin to my BE server, upload the scanning profile...

Last updated: Jan 05, 2022 03:03PM UTC | 0 Agent replies | 0 Community replies | Burp Extensions

How to view audit requests generated by Collaborator Everywhere?

I would like to inspect those requests sent by Collaborator Everywhere extension to see whether it works or not. I concern this issue since I cannot get any access log in my Apache2 server used to test (forensic_log mod is...

Last updated: Dec 23, 2021 11:34AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Log4Shell Scanner and Log4Shell Everywhere

Hello Team, I tried to install Log4Shell Scanner and Log4Shell Everywhere extensions using BApp Store in Burp Extender to test the log4j vulnerability. I have tried the below process: 1. New Scan -> Scan details ->...

Last updated: Dec 22, 2021 10:07AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Turbo Intruder

Hello team, I'm practicing the upload file vulnerabilities labs now and i tried to solve it with introduce solution but i still getting 400 errors back at the turbo intruder and can't achieve the secret. The lab:"Web...

Last updated: Dec 21, 2021 09:17AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Add extension to active scan

Hi everyone, Can I add/edit an active scan payloads list? Can I add a custom extension to the active scan extension so my custom extension will be triggered during the active scan as well?

Last updated: Dec 13, 2021 10:49AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

RSS feed for burp extensions

Just like the burp versions, is there an RSS feed for newly added extensions in the bapp store? Or should one write a custom parser on it?

Last updated: Dec 13, 2021 09:21AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

HTTP Request Smuggle false positives

Hello, I've learned a lot on this topic by resolving every lab, but now I have been trying to find them in the real world and when I use this extension many times it finds at possible CL.TE or TE.CL and it always says...

Last updated: Dec 10, 2021 11:55PM UTC | 0 Agent replies | 0 Community replies | Burp Extensions

How to invoke a burp enterprise scan with extension from command line / jenkins CICD

Hello, Our organization has a burpsuite enterprise license. We are trying to invoke burp enterprise site (with custom configuration and extension) from jenkins or from REST API - POST screen. I have created a burp...

Last updated: Dec 06, 2021 09:13AM UTC | 2 Agent replies | 1 Community replies | Burp Extensions

ip rotate

i have installed the extension IP rotate and require fields. further provided required access key and secret key from aws services. yesterday it was functioning well. but now it is not getting enabled only and at the same...

Last updated: Nov 25, 2021 08:27AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Issue with ATOR Loading an Access Token

I seem to be having an issue with the way that ATOR is pulling an access token from a Request. I have dug into the issue and it appears to not be properly pulling the token and replacing it in my requests. I tried a few...

Last updated: Nov 18, 2021 07:43AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

21 22
23
24 25

Page 23 of 51

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image