Burp Suite User Forum

Login to post

Building a Burp Intruder extension that generates multiple payloads for a single request.

I'm working on a Burp Intruder extension for pen-testing our own custom API. As part of the protocol, a HMAC is generated by the client and added to the header, along with another custom header parameter. The body contains...

Last updated: May 11, 2016 07:12AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Burp Extension

I am trying to create a burp extension which scans for particular text in the response. Now I want this text to be dynamically defined by the user. How do I do that ? As in consider search functionality as extension...

Last updated: May 09, 2016 12:28PM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Manual Scan Issues Extension exception with Burp 1.7

java.lang.NullPointerException at burp.BurpExtender.createMenuItems(BurpExtender.java:76) at burp.nbd.a(Unknown Source) at burp.bmc.a(Unknown Source) at burp.ofc.a(Unknown Source) at burp.ofc.a(Unknown...

Last updated: Apr 26, 2016 07:38AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

extension - Burp-hash

I've been using the Burp-hash extension but its starting to be unreliable. Is anyone else getting a lot of false Issues reported with the Burp-hash extension? I get the following often and its not even valid within...

Last updated: Apr 10, 2016 08:55AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Modify Response depending on request

Hi I need to write a python extension to modify responses depending on what the actual request was. Responses coming from server may be the same for different requests (like 400 Forbidden). I am using the IProxyListener...

Last updated: Apr 08, 2016 12:35PM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

wsdler and Basic Authentication

I am using WSDLER against a web service which uses basic authentication. Even with 'Platform Authentication' enabled (Options>Connections) and the correct host/type/username/password set, attempting to parse the WSDL results...

Last updated: Apr 06, 2016 11:45AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Request/response timing

Hi, I've been playing with java api to try and extract timing info for intruder sessions. Using the custom logger as a base I'm putting the request url and current time into a map, then when a response is received looking up...

Last updated: Mar 23, 2016 09:02AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Highlighting in extension-generated IScanIssue instances

Built-in scanner issues can apply highlight to both requests and responses, however I don't see any API to do so in IScanIssue instances generated by extensions. The method getHttpMessages() returns an array of...

Last updated: Mar 18, 2016 01:25PM UTC | 1 Agent replies | 1 Community replies | Burp Extensions

Burp Extension API - list available proxy interfaces

I am writing a Burp plugin that helps with proxying devices that do not have configurable proxy settings. To do this, I have the extension intercept DNS queries and respond with an IP address that points to an already...

Last updated: Mar 14, 2016 09:06AM UTC | 2 Agent replies | 1 Community replies | Burp Extensions

Problems with availability of HashMap in doPassiveScan (noob level)

Hi, First of all sorry for this stupid noob question, but it has been driving me crazy for hours now. Why is "hostHashMap" null in "doPassiveScan"? How can I make hostHashMap available? Many thanks in...

Last updated: Mar 10, 2016 11:25AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Problem in using SQLiPy extender

Hi, I am getting Importerror while starting SQLiPy.py api. Error thrown is no module named burp. I have loaded jython stand alone jar file. Other python extender like Authorize is working fine. Please do the help.

Last updated: Mar 10, 2016 07:32AM UTC | 0 Agent replies | 0 Community replies | Burp Extensions

burp extensions using makeHttpRequest

I'm trying to create a python Burp Extension where I new to do an HTTP request. I would like to use makeHttpRequest, however I'm getting the error: "java.lang.RuntimeException: java.lang.RuntimeException: Extensions...

Last updated: Mar 01, 2016 10:25AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Python IDE code completion

Hello, I'm trying to properly setup a Python IDE so I can start can play around and create some Burp extensions. One of the advantages of using an IDE is of course code completion. However, I can't seem to figure out how...

Last updated: Feb 23, 2016 05:52PM UTC | 0 Agent replies | 1 Community replies | Burp Extensions

Session handling in Burp extensions

Hi, I am currently implementing a specific attack with a Burp extension. Before I start the attack, I need to delete all cookies for the target domain. The attack consists of several HTTP requests. For these requests I...

Last updated: Feb 12, 2016 03:31PM UTC | 2 Agent replies | 0 Community replies | Burp Extensions

Burp Ext

When I am running burp extension, I keep on getting following errors: Scanner: Timeout in transmission from xyz.com and Proxy: No response received from remote server. Is there anything I can do resolve this error.

Last updated: Feb 09, 2016 09:54AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

NullPointerException while attempting passive or active scan from extension

Hi Team - I am using Burp Suite Pro v1.6.36 and trying to automate passive and active scanning on incoming requests via Burp proxy. I get a NullPointerException while attempting to perform a passive or active scan and...

Last updated: Feb 03, 2016 05:59PM UTC | 1 Agent replies | 1 Community replies | Burp Extensions

AMF Deserialization Dispaly Tag

How to configure to see the AMF Deserialization tag in request and response. Refer :- https://www.netspi.com/DesktopModules/SunBlog/Handlers/Print.aspx?id=68 But it's showing error while I add it to burp extensio.

Last updated: Feb 03, 2016 08:45AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

HTTP/2 - Upgrade Header filtered

Hi, I was experimenting with curl, sending HTTP/2 requests and realised that Burp is filtering/replacing the HTTP/2 Upgrade header since version 1.6.33. Therefore no HTTP/2 communication is established with the server. I...

Last updated: Jan 28, 2016 09:17AM UTC | 1 Agent replies | 1 Community replies | Burp Extensions

Unable to intercept the web socket requests in v1.6.34

Hi, I was able to intercept & retrieve the web socket traffic in burp v1.6.31. But same traffic I'm unable to retrieve in v1.6.34. Could you please help me to resolve this issue. Thanks & Regards, Sharath

Last updated: Jan 27, 2016 11:01AM UTC | 2 Agent replies | 0 Community replies | Burp Extensions

How can i modify http requests with processHttpMessage

Hello, Im using the following code to replace "ReplaceMe" string to "x" string in intruder request however response still didn't replace "ReplaceMe" string. public void processHttpMessage(String toolName, boolean...

Last updated: Jan 08, 2016 09:24PM UTC | 2 Agent replies | 4 Community replies | Burp Extensions

Page 25 of 28

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image