Burp Suite User Forum

Making a custom extender interface

Hi to all! Im currently creating a burp extension and I was wondering if there was any way to make an interface for it (Not just print things into the extender console). I read something about some drag and drop feature...

Last updated: Sep 20, 2019 12:39PM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Packing/Unpacking custom POST data format for Active Scans

I'm trying to write an extension to test a mobile API endpoint that uses a homebrew message level encryption format. Basically there is a pre-shared AES key between the mobile app and the server, and the JSON POST data gets...

Last updated: Sep 20, 2019 08:08AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

trigger an active scanning programatically

Dear burp team, From an extension I would like to firstly do an passive scanning. Once the application was scanned then I would like programatically for each (passive) request to do an active scanning. The goal of all...

Last updated: Sep 11, 2019 08:26AM UTC | 2 Agent replies | 1 Community replies | Burp Extensions

Burp 2.0 extension-only audit

I have a local page that I use to test for LFI attacks, when I used to run active scan against this page in Burp 1.7.37, I get the attack detected by different extensions, e.g. J2EEScan. I tried to scan the same page in...

Last updated: Sep 09, 2019 06:35AM UTC | 4 Agent replies | 3 Community replies | Burp Extensions

Bapps folder and non BApp store extensions

Hey guys, I have a question on how Burp installs extensions from BApp store vs local extensions. It looks like for ones installed from the store, Burp stores them under the bapps folder. However for locally sourced ones,...

Last updated: Sep 04, 2019 09:14AM UTC | 2 Agent replies | 1 Community replies | Burp Extensions

Accessing marker indexes from Intruder Payload

Hello Support, I am trying to grab the indexes from a user created Intruder payload but it doesn't seem like it is possible within the APIs. If I already have markers I can apply them to a IHttpRequestResponse object with...

Last updated: Aug 30, 2019 10:56AM UTC | 2 Agent replies | 1 Community replies | Burp Extensions

Serializing IScanIssues

Hello Support Team, So I have created an implementation of IScanIssue but I am getting errors when trying to JSON encode the class like this: "java.lang.IllegalArgumentException: jdk.internal.ref.PhantomCleanable<?>...

Last updated: Aug 29, 2019 08:59PM UTC | 2 Agent replies | 1 Community replies | Burp Extensions

Packaging Burp Extensions

How are we supposed to package extensions that require both Java and Jython? I've an extension which uses 2 python projects and those 2 use python modules like six. How should I package it for distribution?

Last updated: Aug 29, 2019 09:43AM UTC | 2 Agent replies | 1 Community replies | Burp Extensions

how can I add the resulting of this a burp plugin to the sitemap?

Hi I made a burp plugin to convert get to post and post to get and it is working when I am scanning the web app but how can I add the resulting of this plugin to the sitemap? this is my burp...

Last updated: Aug 28, 2019 12:21PM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Burp Extensions Distribution

Hello, Can you please help with the question at https://support.portswigger.net/customer/en/portal/questions/17629848-packaging-burp-extensions?new=17629848? Not sure if it's not answered as there is a reply post which...

Last updated: Aug 28, 2019 07:20AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Generating Customised Intruder Attacks from an Extension

Hi, I'm trying to create a burp extension which generates customised intruder attacks. I'm aware that I can create attacks with some level of control...

Last updated: Aug 24, 2019 05:59PM UTC | 2 Agent replies | 2 Community replies | Burp Extensions

How to integrate Scan Check Builder integration with Burp Extension API

How to integrate Scan Check Builder integration with Burp Extension API? I'm able to submit active scans by selecting profile manually through tool. But I want to integrate Scan Check builder with Burp Extender API to...

Last updated: Aug 23, 2019 08:05AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Error "Request was dropped by the user" in Custom tab while using Burp extender

Hi, I am new to building burp plugin, I have implemented a message editor, but when I toggle the interceptor on and off, I get an error in the text editor itself: Error: "le>Burp Suite Professional</title> <style...

Last updated: Aug 15, 2019 02:39PM UTC | 2 Agent replies | 1 Community replies | Burp Extensions

How to set active scanner insertion points

I'm trying to set custom insertion points for the header,query param and body parameters. Currently I'm using active scan method by passing manually caluculated...

Last updated: Aug 14, 2019 12:12PM UTC | 2 Agent replies | 0 Community replies | Burp Extensions

Failed to load Python interpreter from Jython JAR file

Hello Dear, I am facing an error. I am not able to add my extension in Burp. I am getting the follow error: java.lang.Exception: Failed to load Python interpreter from Jython JAR file at burp.a3t.<init>(Unknown...

Last updated: Aug 14, 2019 10:14AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Persist IBurpCollaboratorClientContext

Hi, is there a way to persist IBurpCollaboratorClientContext object? When I reload my extension and get IBurpCollaboratorClientContext with callbacks.createBurpCollaboratorClientContext method it still fetches interactions...

Last updated: Aug 07, 2019 04:45PM UTC | 3 Agent replies | 3 Community replies | Burp Extensions

Carbonator scans not accurate

I just downloaded Carbonator extender through bapp and have use the command ./burpscan.sh http 127.0.0.1 80 /DVWA/vulnerabilities/ This launched burp UI and I checked that the scan does not detect SQL Injection, XSS or...

Last updated: Aug 05, 2019 04:32AM UTC | 1 Agent replies | 1 Community replies | Burp Extensions

Jira integration in the Scanner tool

I would love to see an integration with Jira bugtracking. This way the scanned vulnerabilities can be quickly documented and sent for mitigation. The creation of the issue would preferably include the description and...

Last updated: Aug 01, 2019 06:41AM UTC | 5 Agent replies | 4 Community replies | Burp Extensions

Testing environment

Hi, I'm developing an extension and by this time got annoyed of development process where I need to restart extension to see the changes applied. Is there any way I could set up a testing environment where I could import...

Last updated: Jul 23, 2019 08:09AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

saving state for extension data

Is there a method to save/restore extension data as part of Burp's "save state"? I didn't see anything in the API docs. Just trying it, the extension data wasn't saved during a save and restore. Anything I'm missing, or...

Last updated: Jul 17, 2019 01:02PM UTC | 7 Agent replies | 6 Community replies | Burp Extensions

Page 4 of 19

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image