Burp Extensions - Page 3 - Burp Suite User Forum

HTTP Request Smuggler doesn't work

HTTP Request Smuggler is not working properly, when I start Attack, it does not proceed from "ENGINE WARMING UP". The execution environment is as follows. ・Burp suite:2023.10.2.3 -2023-10-02 ・Extension : Both are the...

API Testing using Postman Collection file

Is there any Burp Extension to run API Testing using Postman Collection file?

tcp proxy

Dear Sir, Can we capture and modify the tcp request and response through burpsuite.

Montoya API Scanner Examples

Hi, I'm trying to build an extension that reads results from the BurpSuite Pro scanner using the Montoya API and I was wondering if there are any examples out there for how to handle audit issues?

Importing and Using Arbitrary Java Classes

Is it possible to make use of arbitrary classes imported from external modules in Java, e.g. the UriBuilder class? My extension makes use a class in the same project folder that implements logic to generate a token that I...

Custom Send To on Mac

Hi all, i’m curious if anyone has installed and run the extension called Custom Send To on a Mac? I am looking for a way to send the body of a response to a API/URL and receive back response from that URL and this was...

WebSockets - Message Size Limit

Hi - I've dropped support a message about this, however, I just thought I'd try here too just in case anybody else has had a similar issue. I'm utilising the Montoya API in a Burp extension to test an app that uses WSS....

Burpsuite Extension Reshaper and Custom Send To doesn't work

I am trying to run a Linux command within Burp Suite. First, I tried to use the Reshaper Extension to "Run Process" as a command line in Linux. Please see my setup below: When: Event Direction: Request Then: ...

HTTP Request Smuggler - Dashboard Items Not Working

Running Burp Pro 2024.3.1.4 and HTTP Request Smuggler v2.16 on MacOS 14.4.1 When I run a Smuggle Probe on a request, the findings appear in the Dashboard's Summary tab but they do not appear in the Issues tab. If I try...

messageEditorHttpRequestResponse cannot update multiple http headers

Hi there, I tried to use montoya to update 2 http headers messageEditorHttpRequestResponse.setRequest(messageEditorHttpRequestResponse.requestResponse().request().withUpdatedHeader("header1", "test1")); // ...

Request Highlighting

I'm working on a new ScanCheck Burp extension and running into some issues using the highlighting functionality. AuditInsertionPoint (e.g. as created using AuditInsertionPoint.auditInsertionPoint()) has a method...

Check if a BCheck is already installed

Hi, I've used the method importBCheck() that will run on startup. However, if the BCheck is already installed, it just duplicates the BCheck. I've hacked a solution to look at the path key in the user json to see if...

Bcheck enhancement

Hello: I had the same idea of devlop some script engine to achive burp scanner rule like bcheck and completed recently,which was based yaml.So I want to discuss with you about the bcheck ability： 1. would you consider to...

I cannot install Autorize extension from BApp

I'm enrolled in APISec University and I'm trying to install Autorize, but keep getting errors. I follow the instructions, but keep getting errors regardless of which method I use to try and install it.

How do I get Add Custom Header extension to work

I've input the Header name and value but the custom header doesn't show up in requests in Proxy. Are there any alternatives? It would be good if this worked - many programs require it

Not able to convert string to JSON object in Burp Extension using Montoya API

Gson gson = new GsonBuilder().setPrettyPrinting().create(); String jsonString = "{ \"name\" : \"John\", \"age\" : \"20\", \"address\" : \"some address\" }"; JsonElement jelem = gson.fromJson(jsonString,...

ClassNotFoundException from extension using Jersey

Dear support, I have written an extension that is using behind the scene Jersey. Jersey is an open source framework for developing RESTful Web Services in Java. It provides support for JAX-RS APIs and serves as a JAX-RS...

Accessing Requests of Audit issue with No Response in Burp Suite Using an Extension

I have an issue detected by the issue handler in Burp Suite, where a time-based SQL Injection vulnerability is identified but there's no response in the issue details, only a request. How can I access this request using an...

Extensions Development - Burp Launching and Licensing Issue

Hi All, I am beginning to contribute to a Burp Suite extension and I'm running into some issues debugging. I have followed the instructions in this thread:...

JWT Editor cannot be loaded anymore

Hi, I installed the Burp Extension "JWT Editor" and used it for a couple of days. Now it is not loaded anymore when I start Burp. I unloaded and reloaded it, removed and re-installed it, JWT Editor is simply not working...