Burp Extensions - Page 34 - Burp Suite User Forum

Can't Add a Extension to be Executed by session handling rule for checking invalid session

Hi, First off just wanted to say that you guys have been doing a great job with Burp, it pretty much covers 85 - 95% of my daily web app pentesting needs with the core functionalities. So my problem is exactly as stated...

Autorize

Do i need to buy burp suite Pro to use autorize?

Custom Extension for Whitelisting

Burp Suite Pro v1.7.23 Is it possible to skip a certain link/URL for specific checks (e.g. CSRF, SQL Injection) during a scan, while remaining them ticked in Scanner Options? So for better visualization, I'll provide a...

Burpsuite Pro v1.7.30

BApp Store - Attack Selector extension - Description has a misspelling: "Qiuick scan"

Outdated extensions and open pull requests

Hello, some extensions (like "Add Custom Header") don't have their latest version available in the BAppStore, and that lasts for a few months (and I hate having to maintain private versions) First, I wonder how the...

Failed to update Bapp List

Hi, My burp store list fails to be updated. I am using my employer's proxy settings and it may create some conflicts OR block some traffic. Do you have any work around this problem? Do you know how I can investigate and...

Get All URLs from a Website

Hello, I am currently writing a burp Extension. I need to get all URLs from the Website before the active Scan. How can I do this? Thanks

Pause scanner from extension

Is there any API to pause the scanner from an extension? For example, let's say you are scanning an API with a rate limiter, and your extension can detect that you are getting close to the limit, can it pause the scanner to...

hi

OpenAPI Parser

I am not able to get the OpenAPI Parser to work. I keep getting an error message saying that "The OpenAPI specification contained in <file name> is ill formed and cannot be parsed". However, the very same file can be...

Payload generator UUID

Is there an extension of the burp that create UUIDs on payloads?

Burp Carbonator does not work for me

I am trying to play around with the carbonator feature of Burp using the demo.testfire application as a test run and had a few questions and issues. Issues: I have installed carbonator and using the command " java -jar...

XML tab "Reparse" Programmatically

Hi, I would like to know how the "Reparse" button in the request/response "XML" tab reformats XML documents programmatically via Java. Specifically, I am wondering what library(s) are used for this. I am asking for the...

Extension load error code

os win 7 java.lang.ExceptionInInitializerError at org.python.util.PythonInterpreter.<init>(PythonInterpreter.java:100) at org.python.util.PythonInterpreter.<init>(PythonInterpreter.java:94) at...

IMessageEditorTab check Tool

I'm trying to create a simple jython extension to run a regex against the HTTP response and extract key fields into a new IMessageEditorTab. Is there anyway in IMessageEditorTab.isEnabled or...

Burp Extension for Intruder Payload with multiple payload lists

Hi, I am working on creating a extension for burp suite where a user can choose from a list of payload lists [one list for angular payloads, one list for react payload] according to the framework of the application he is...

IContextMenuInvocation - getSelectedMessage of original request / response

Hi I have added a custom context menu item, which reads the selected text of the currently open request / response. So far so good, however in the history view of Burp, when i have three tabs, i can only differentiate...

Burp Suite Automation

Hi All We are trying to automate to test various vulnerabilities like xpath injection,sql injection, Cross-site scripting etc. We have referred the following link...

Send to decoder programmaticaly from extensions

There are methods in IBurpExtenderCallbacks for sending data to - repeater, - intruder, - comparer, and - spider. Why isn't there one for decoder? When writing a custom message editor with a custom editor...

buildParameter not working

I built the HttpRequest using buildHttpMessage method and trying to add Cookie and Body param using LegacyBurpExtender.getInstance().getHelpers().buildParameter and addParameter and updateParameter methods and it is not...