Burp Suite User Forum

Login to post

carbonator for remote scan

I have installed carbonator,java and jython. I have configured proxy, upstream proxy and intercept to be turned off. The same configuration is saved and I m using this in commandline. java -jar -Xmx2g...

Last updated: Nov 06, 2020 10:09AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

IResponseVariations list with details

Hi, I need to use the IResponseVariations for an extension. I enumerated the attributes using the getVariantAttributes and getInvariantAttributes but I'm not sure on the meaning of all the attributes/attribute...

Last updated: Nov 05, 2020 10:36AM UTC | 3 Agent replies | 1 Community replies | Burp Extensions

Wsdler

I have had success in the past using this extension to parse out operations associated with a web service and generates SOAP requests that can then be sent to the SOAP endpoints. However, with Burp v 2020.9.2 on Windows,...

Last updated: Nov 04, 2020 10:57AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

How to highlight the tab of an extension?

Hi, I am working on an extension which has its own tab, it uses regex to search for a specific pattern in an HTTP response. I want to notify the BurpSuite user once the pattern is found, just like what `Proxy` tab does...

Last updated: Nov 03, 2020 09:35AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

WebSocket API

I'm dealing more and more with websockets: is there _any_ way to modify requests on the fly? I'm not afraid of writing a custom extension or fiddle with scripting my own tools. FWIW, if you provide some guidance, I could...

Last updated: Oct 27, 2020 01:27PM UTC | 8 Agent replies | 10 Community replies | Burp Extensions

Safety of Bapp Extensions

What does portswigger do in terms of reviewing submitted extensions for safety. Malware/virus scan? Code review? Static/dynamic security analysis? Or are they offered as "use at your own risk"?

Last updated: Oct 22, 2020 08:26AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Burp Scanner stuck

Hi, I have just stated an unauthenticated scan for one of our website which is accessible through internal VPN only. since last more than 1 hour, I can see that Burp has got stuck on " Unauthenticated crawl. Estimating time...

Last updated: Oct 12, 2020 09:47AM UTC | 1 Agent replies | 2 Community replies | Burp Extensions

using IMessageEditorController in Repeater

Hi guys, I am trying to create an extension that adds a tab to the message editor where I need to access request values like the url in the response tab. As far as I know this is done using the getRequest method of the...

Last updated: Oct 09, 2020 08:50AM UTC | 3 Agent replies | 2 Community replies | Burp Extensions

Send a request through the proxy

Is there a way to send extension request through the proxy? I would like to add the output of one extension to the proxy history. Thanks.

Last updated: Oct 06, 2020 02:29PM UTC | 2 Agent replies | 1 Community replies | Burp Extensions

Lab: Exploiting HTTP request smuggling to bypass front-end security controls, TE.CL vulnerability

Good morning, The following request in the provided solution did work for me but I don't understand how it's calculated. POST / HTTP/1.1 Host: aca11fb21f25e1e3803a19b400f90012.web-security-academy.net Content-Type:...

Last updated: Oct 05, 2020 05:40PM UTC | 1 Agent replies | 3 Community replies | Burp Extensions

Created new burp extension for intruder

Hi, Created a new burp extension for intruder. With this extension users can use Hashcat Maskprocessor arguments to create a bruteforce attack. If this code fits in "BApp Store" here is my...

Last updated: Oct 05, 2020 08:44AM UTC | 1 Agent replies | 1 Community replies | Burp Extensions

Lab: Combining web cache poisoning vulnerabilities

Has anyone noticed an issue with Param Miner not able to find the headers required for this lab? Not sure if it's my Param Miner, my Burp, or the lab itself. I've tried by disabling nearly all the other extensions, but my...

Last updated: Oct 03, 2020 02:46PM UTC | 4 Agent replies | 8 Community replies | Burp Extensions

getProxyInterceptionEnabled() ?

Hello, For an extension I'm developing, I'd like to have the getter counterpart of setProxyInterceptionEnabled(), that would return either the proxy is enabled or not. I'm not able to find it anywhere, neither another...

Last updated: Sep 24, 2020 11:30AM UTC | 3 Agent replies | 2 Community replies | Burp Extensions

Having an IScannerInsertionPointProvider that only provides IScannerInsertionPoint objects to my extension's IScannerCheck

Hi Portswigger people I have written an extension to automatically perform a variety of manipulations on URL paths, send a modified request and then check the response. For example, add various additional extensions to...

Last updated: Sep 21, 2020 01:48AM UTC | 2 Agent replies | 2 Community replies | Burp Extensions

how to install burp moudle in jpython

as the title says,idont known how where to find the burp moudle

Last updated: Sep 18, 2020 09:29AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Unable to import Crypto.Cipher module for python plugin

Please refer to the following stack trace: Traceback (most recent call last): File "C:\Users\..\plugin.py", line 15, in <module> from Crypto.Cipher import PKCS1_v1_5 as Cipher_PKCS1_v1_5 File...

Last updated: Sep 18, 2020 06:09AM UTC | 1 Agent replies | 3 Community replies | Burp Extensions

Office Open Xml Editor (OOXE) not Displaying after install

Hello Guys ? i am using burp suite pro 2020 , some of my extension are not displaying like office xml editor, please help me

Last updated: Sep 14, 2020 07:19AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Turbo Intruder cause Burp's memory Full

Hi, I am using Burp Suite Pro v2.1.04, when I use Turbo Intruder Extension(which is working very good) and send 500+ Requests per Second sometimes burp's suite memory becomes full, 225mb and it hangs. Is there any way to...

Last updated: Sep 10, 2020 12:52PM UTC | 0 Agent replies | 2 Community replies | Burp Extensions

Setting Background of a JPanel when using the callback.CustomizeUiComponents method.

I am done creating my extension and making it look a little presentable and organized. I have been look for ways to set the background color of a JPanel when using a jpanel and calling the callback.CustomizeUiComponents...

Last updated: Sep 01, 2020 11:24AM UTC | 2 Agent replies | 1 Community replies | Burp Extensions

Query Regarding Cross-site request forgery

Issue : In Our application we are using cookie lastAccesTimeForCurrentSession to validate the session. Previously we were not using the SameSite attribute in Cookie, Now we started using SameSite with Strict mode. Browser...

Last updated: Sep 01, 2020 10:04AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Page 3 of 24

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image