Burp Extensions - Page 36 - Burp Suite User Forum

Auditing not calling doActiveScan(...) method via Extensibility API

Hi folks, I am currently trying to learn the Burp Extensibility API using this example (in Java); https://github.com/PortSwigger/example-scanner-checks and getting stuck with something. With latest Beta version of...

SAML Raider "failureInInitialization" with BurpSuite 2.0.16 beta

Normally, the SAML Raider extension will populate a SAML Raider tab when you select a SAML request in the HTTP History. Now, instead of populating the tab, it simply says "failureInInitialization". Awesome. I'd attach a...

Burp suite render

Burp render

Burp 2.x: Create authenticated crawl from extension

Hi Portswigger Support! I'm interested in using an extension (in headless mode) to spawn an authenticated crawl while using the 2.x versions of Burp Suite Professional. In the 1.x versions, I would have done this by...

Extender Not Displaying Plugins / Can't Refresh

I am behind a corporate proxy environment using Ubuntu. Using the corporate proxy settings I am able to use Firefox to view websites as expected so Burpsuite should be able to display the BApp Store list under the Extender...

Burp scanner insertion point custom encoding

I'm trying to create an extension for scanner to specify multiple insertion points and also do some custom encoding on the payload from scanner. I'm attempting to use the following example along with the documentation to...

SQLiPy fails to load after upgrade to v2.0.14beta

After upgrading to BurpSuite v2.0.13beta the SQLiPY extension fails to load with the following error: ImportError: signal module requires sun.misc.Signal, which is not available on this platform After rolling back to...

Handle IInterceptedProxyMessage BEFORE it's sent to the server?

This is my first attempt at writing an extension. I would like to intercept certain requests, inspect them, and handle SOME of them BEFORE they are sent to the remote server. In other words, for certain requests, I would...

Scope manipulation API

Methods IBurpExtenderCallbacks.{includeIn,excludeFrom}Scope make it possible to add/remove a specific URL to/from the scope. Is there a way to use these or any other API call to perform actions like those available on the...

Retire.js not working

Hi, The retire.js extension in Burp Suite Pro is not working. I do not see any feedback during passive scanning in either the "Target>Issue" or "Scanner>Issue activity" tabs. The firefox Retire.js plugin does show issues...

Access command line through Burp extension

As per the subject, I was wondering if it is possible to access the command line (either windows or linux) through a Burp extension.

??????????????????? $399.00 USD ??? PortSwigger Ltd (mail@portswigger.net)

08 ?.?. 2019 01:09:36 GMT+07:00 ID ???????????: 9FC40466TM976523J ????????? ??? ayut intasut ??????????????????? $399.00 USD ??? PortSwigger...

Highlighting in IMessageEditor

Hello, I am trying to create an extension in which you can highlight single or multiple lines of text in the request or response tabs. I am having an issue when you add a “Graphic” to the IMessageEditor text area that it...

Custom payload processor / generator

My intruder scenario is brute forcing uids that are calculated based date. Current intruder has date payload, that is superb for the job. Now i would like to process these dates with my custom extension that formes uid...

Odd inconstancy in extension behaviour

Hello, I wrote an extension that fails for one of my user throwing an exception: --- Traceback (most recent call last): File "E:\BurpSuite Settings and Extensions\Extenders\OurExtensions\Radar\main.py", line 220, in...

IExtensionHelpers.urlDecode() not handling UTF-8

I have an input string which contains an ENDASH encoded using UTF-8 as: %E2%80%93 When I decode that in my extension with IExtensionHelpers.urlDecode(String input) I get: â?? However, the Java...

Issues with burp scanner

For one of my scan, I noticed that the scan threads request/response doesn't look like a actual captured request/response which were captured while crawling the application, Cookie part was removed from the requests for most...

Saving HttpRequestResponse to file

I noticed that there's a method called saveBuffersToTempFiles() that says that it allows saving of HttpRequestResponse objects to a file. Is there anymore information on how to use this? I haven't been able to successfully...

Exporting scan reports using carbonator

Hi Guys, I have pro license for burp and I am using carbonator to automate my scan on windows. But as soon as the scan finishes, burp shuts down and I am unable to export the reports of scanner. Could you guys please...

Burp API Javadoc not accessible

I noticed that the javadoc for the Burp API is no longer accessible. Was this on purpose for the 2.0 beta? https://portswigger.net/burp/extender/api/