Burp Extensions - Page 3 - Burp Suite User Forum

Calling Logger through Montoya?

Hey there, I'm trying to create an extension which has a listener attached to the Burp Logger. Every time new requests/responses are logged, the extension will look through the new requests/responses and save the...

Montaya extension examples

For the old API (weiner) there was example in java, python and ruby. For the new montaya API there are only examples in java. Please add examples in python and ruby too.

Python Extension Loading Errors

I'm encountering this issue with all Python extensions from the BApp store and my personal extensions. This started to happen after a burp update at some point. I'm currently running 2023.10.3.4 but this started to happen...

HTTP Request Smuggler CLI

Hello portswigger, I want to use the HTTP Request Smuggler extender as cli, how can I do it? Regards.

Multiple IMessageEditorTab

I am working on creating two IMessageEditorTabs, one for requests and the other for responses. I know that I could use just one IMessageEditorTab and check whether the message is a request or response inside it. However, I...

Log4jShell scanner removed? Does Active scan++ supports Log4jshell?

Hi, Any reason why Log4jShell scanner extension is removed from BApp Store? Also, since Log4jShell scanner removed, does for all the below variants are supported by Active scan++ Feature Log4Shell scanner (this...

HTTP Request Smuggler doesn't work

HTTP Request Smuggler is not working properly, when I start Attack, it does not proceed from "ENGINE WARMING UP". The execution environment is as follows. ・Burp suite:2023.10.2.3 -2023-10-02 ・Extension : Both are the...

I can't install Highlighter and Extractor extension

Hi! I have a problem with the "Highlighter and Extractor" extension, it happens that when I want to install it from the BApp Store or manually, it gives me the following error: java.lang.Exception: Extension class is not...

Batch Scan Report Generator - faild to create reports

After the new Burp Professional upgrade version 2022.9.5, Batch Scan Report Generator is failling to create reports. The plugin print the message "Report Generation Complete!" but it it doesn't saved the report to the...

Montoya API: Burp 2023.10.2.4: java.lang.Exception: Extension class is not a recognized type

I have created a helloworld extension using the Montoya java code and getting the below error when I try to load (exported runnable jar: helloworld.jar) it in Burp UI: java.lang.Exception: Extension class is not a...

Error in JRuby extension in newest Burp versions

Hello, I've started to get errors in JRuby extension starting from v10 of Burp Community Edition (MacOS M1). JRuby version is 9.3.11.0 The error is raised when 'net/http' library is used. The error...

CO2 extension marked by antiviruses as malware

The CO2 extension is considered malware by more AV/EDR vendors. I could not find a reason behind it and our EDR vendor did not share their reasons either. Do you have a clue what is going on here? The page for the...

Show changed responses from Extension in Repeater tab

Hello! I develop my custom extension (using Montoya API) which modifies request from the Repeater before sending it to the target host. It works great - in Logger I see all changes. But I am also want to see modified...

Time based request

Hi Team, Does burp suite has any functionality wherein it can revoke either an extension or a request after a certain period of time? Or any extension having the functionality wherein it can send a request after a...

Turbo Intruder - race-single-packet-attack.py Not queueing requests

Hello, I'm doing some research regarding James Kettle's single packet race conditions. I've tried his probe script as well as race-single-packet-attack.py but it doesn't actually queue the requests. The majority of...

Does Burp create a copy of an installed extension?

When developing a new extension, one has to install it multiple times. I noticed that Burp Suite will keep track of where the JAR is originally located when you add it as an extension. I was curious if it's possible...

Turbo Intruder: Script with randomly generated strings

The integrated Intruder is great, but I still wanted to use the speed of the Turbo Intruder for some tests in our fuzzy lab. The handling of the characterstrings to be generated has to be very flexible and this is what came...

Error Message: 'Configuration JSON Found' in Burp Suite Extension Loading

I'm using burpsuite pro v2023.10.3.1 and I'm currently facing an issue while loading extension on java and python enviroment. I can install java 18 in windows11 and i have loaded jython-standalone. When I attempt to load an...

Turbo intruder has encoding base64??

Hi dear İ have a target it's login page encoded with base64 (user password) i easily could attacked successfully with intruder because it had payload rule that encoding credentials to base64 or hash or .... but in turbu...

extension error when load in java environment

"I'm encountering an issue in Burp Suite where I receive a 'configuration JSON found' error message when trying to load an extension. Could you please help me diagnose and resolve this problem?" "I've come across an...