Burp Suite User Forum

Login to post

Spider treating active scan URLs with injected parameter queries as new urls to spider.

I built an extension that successfully spiders the application, but I have a problem where when active scanning starts in earnest, eventually it starts adding injected URLs into the scanning scope, thus duplicated the amount...

Last updated: Aug 17, 2016 11:16AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Load Extensions Headless

Hi, Can anybody tell me if loading an extension headless is still not possible as per https://support.portswigger.net/customer/portal/questions/9700725-load-an-extension-headless? I really need that to setup automatic...

Last updated: Aug 12, 2016 01:47PM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

ofve49a2oc

<a href="http://hj7em18wwlos5wkj2clv.com">r9t9d08zud</a> <a href="http://sosn7mpf61awdd.com">486ir4cxhq</a> <a...

Last updated: Jul 28, 2016 02:07PM UTC | 0 Agent replies | 0 Community replies | Burp Extensions

8dgoljfc1l

<a href="http://7pg5m5z4808zp0vp.com">qfvsmsltdp</a> <a href="http://qm5a2k3y.com">vok3qgns30</a> <a...

Last updated: Jul 28, 2016 02:07PM UTC | 0 Agent replies | 0 Community replies | Burp Extensions

processmessage called multiple times

Hi, I'm working on an extension that uses the IProxyListener's processProxyMessage, and I've noticed that processProxyMessage is seemingly called 3 times for each request (not response, specifically request). Is there a...

Last updated: Jul 20, 2016 08:13AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Remove URL from Scope

Hi, Is there any way to remove a URL from the list of target scopes? (Not excluding a url, just removing it from the include list) Thank you

Last updated: Jul 15, 2016 03:40PM UTC | 2 Agent replies | 1 Community replies | Burp Extensions

Issue and question when implementing a ScannerInsertionPointProvider

Hi, Earlier this week I implemented a ScannerInsertionPointProvider to allow the active scanner to scan the custom type of multi-value parameters used by an application I was testing. Basically some parameters contained...

Last updated: Jul 07, 2016 01:18AM UTC | 1 Agent replies | 1 Community replies | Burp Extensions

How to send a request with different cookie value

Hi, I'm a noob and I would like to create an extension that after selecting a previous request allows to send automatically a new request with a different value for a certain cookie. Is this possible? If yes which API's...

Last updated: Jul 03, 2016 11:31AM UTC | 0 Agent replies | 0 Community replies | Burp Extensions

lack of "/" in InsertionPoint

Hi, Burp Support Team I am trying to write an extension to improve activeScan. But I encountered a problem. When I sent http://example.com/test to activeScan, my extension can receive insertionPoint of type...

Last updated: Jun 29, 2016 08:04AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Custom issues in Burp-report

Hi Team, I have created an extender. Now, I want to run my extender along with active scan. What are all the steps to be followed? Request your guidance/support for the above said query. Thanks in...

Last updated: Jun 09, 2016 08:03AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Directory guessing extension for the Scanner

Is there any way to augment the scanner's capabilities to search through a list of directories that I specify? I know how to do this in intruder, but I want to be able to have this trigger automatically during a Burp...

Last updated: Jun 01, 2016 04:36AM UTC | 3 Agent replies | 4 Community replies | Burp Extensions

Variable Persistence

Is there a way to persist a variable between requests in an extension? For example I want to take a parameter from one response and then in a later request use this to calculate a different parameter? The value which needs...

Last updated: May 11, 2016 01:47PM UTC | 1 Agent replies | 1 Community replies | Burp Extensions

Burp Extender socks5

I want to developer extender by jython, The Extender is port scan. I want all the traffic through socks5, How do i

Last updated: May 11, 2016 08:29AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Building a Burp Intruder extension that generates multiple payloads for a single request.

I'm working on a Burp Intruder extension for pen-testing our own custom API. As part of the protocol, a HMAC is generated by the client and added to the header, along with another custom header parameter. The body contains...

Last updated: May 11, 2016 07:12AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Burp Extension

I am trying to create a burp extension which scans for particular text in the response. Now I want this text to be dynamically defined by the user. How do I do that ? As in consider search functionality as extension...

Last updated: May 09, 2016 12:28PM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Manual Scan Issues Extension exception with Burp 1.7

java.lang.NullPointerException at burp.BurpExtender.createMenuItems(BurpExtender.java:76) at burp.nbd.a(Unknown Source) at burp.bmc.a(Unknown Source) at burp.ofc.a(Unknown Source) at burp.ofc.a(Unknown...

Last updated: Apr 26, 2016 07:38AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

extension - Burp-hash

I've been using the Burp-hash extension but its starting to be unreliable. Is anyone else getting a lot of false Issues reported with the Burp-hash extension? I get the following often and its not even valid within...

Last updated: Apr 10, 2016 08:55AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Modify Response depending on request

Hi I need to write a python extension to modify responses depending on what the actual request was. Responses coming from server may be the same for different requests (like 400 Forbidden). I am using the IProxyListener...

Last updated: Apr 08, 2016 12:35PM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

wsdler and Basic Authentication

I am using WSDLER against a web service which uses basic authentication. Even with 'Platform Authentication' enabled (Options>Connections) and the correct host/type/username/password set, attempting to parse the WSDL results...

Last updated: Apr 06, 2016 11:45AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Request/response timing

Hi, I've been playing with java api to try and extract timing info for intruder sessions. Using the custom logger as a base I'm putting the request url and current time into a map, then when a response is received looking up...

Last updated: Mar 23, 2016 09:02AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Page 30 of 34

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image