Burp Extensions - Page 37 - Burp Suite User Forum

Generating Customised Intruder Attacks from an Extension

Hi, I'm trying to create a burp extension which generates customised intruder attacks. I'm aware that I can create attacks with some level of control...

How to integrate Scan Check Builder integration with Burp Extension API

How to integrate Scan Check Builder integration with Burp Extension API? I'm able to submit active scans by selecting profile manually through tool. But I want to integrate Scan Check builder with Burp Extender API to...

Error "Request was dropped by the user" in Custom tab while using Burp extender

Hi, I am new to building burp plugin, I have implemented a message editor, but when I toggle the interceptor on and off, I get an error in the text editor itself: Error: "le>Burp Suite Professional</title> <style...

Persist IBurpCollaboratorClientContext

Hi, is there a way to persist IBurpCollaboratorClientContext object? When I reload my extension and get IBurpCollaboratorClientContext with callbacks.createBurpCollaboratorClientContext method it still fetches interactions...

Carbonator scans not accurate

I just downloaded Carbonator extender through bapp and have use the command ./burpscan.sh http 127.0.0.1 80 /DVWA/vulnerabilities/ This launched burp UI and I checked that the scan does not detect SQL Injection, XSS or...

Jira integration in the Scanner tool

I would love to see an integration with Jira bugtracking. This way the scanned vulnerabilities can be quickly documented and sent for mitigation. The creation of the issue would preferably include the description and...

Testing environment

Hi, I'm developing an extension and by this time got annoyed of development process where I need to restart extension to see the changes applied. Is there any way I could set up a testing environment where I could import...

Python extension import package error

Hello, I've run into an application that AES encrypts the body of HTTP requests and responses, I am writing an extension to decrypt and encrypt the payloads. I am writing the extension in Python and I receive an error...

Burp Extension + UpStream Proxy SLOWWWW

Hi all, I created a burp extension that decrypts AES traffic. The infrastructure I am testing is in such way that all requests' payloads are being encrypted with AES. In order to work around this, I am sending the...

Is it possible to retrieve the path of the currently open project?

I would like to retrieve the path of the currently open Burp Project to reference some resource on the filesystem relative to the project directory. I am unable to find a suitable API to do this in the documentation. Is...

when I install a python extender(burpsmartbuster), it points out that "failed to load bapp"

I have already install jython.jar file(2.7,the file has been selected in options) and python(but i have two versions of python and both of them is system variables) the error messages is...

Request interception

Hi there, I'm aware that if you register a IHttpListener you are able to intercept requests before they are sent out. Is it also possible to intercept a request prior to assigning it a tool, for example, the...

Method to Pause/Unpause Scanner

Does the API include methods for an extension to pause and unpause the scanner? I have searched the Javadocs but didn't find any. My scenario is an extension that implements ISessionHandlingAction to re-login the user...

Unable to edit the content headers

What is wrong in the below code ? I do not see the request getting edited as I don't find the 'Edited Request' tab at all: package burp; import java.io.PrintWriter; import java.util.List; public class BurpExtender...

Session dies while scanning

Guys, I have this very general problem. I did a search across the google, but did not find a proper solution. This is what I have done: I have created a session validation under Projects->Sessions Under that, I have a...

System.exit() kills Burp

I'm building an extension that will call a Java command line program from within Burp (by calling the main() method). Unfortunately, when the command line tool finishes, it calls System.exit(0); which doesn't just kill the...

Output in the UI

This is my code: package burp; import java.io.PrintWriter; import java.util.List; public class BurpExtender implements IBurpExtender, IHttpListener, IProxyListener { // // implement IBurpExtender ...

Sending an unmodified and a modified HTTP request

I am trying to write an extension that when the user makes a request the extension will send two requests, an unmodified request so that the browser will load normally and one where a parameter is added at the end of the URL...

BURP CI Driver

hi, i downloaded Burp CI driver that provides a command-line interface for use by any CI platform. but not able to execute any commands using the jar file also could not find any source in google. could any one suggest...

Scanning a site with basic authorization (Burp suite enterprise Rest API)

Hello. I want to scan sites where basic authorization is installed. What tokens can I use in building a curl request for basic authorization? curl -vgw "\n" -X POST 'http://burp.link.to.rest.api/v0.1/scan' -d '{ (???basic...