Burp Extensions - Page 4 - Burp Suite User Forum

burp-batch-report-generator for Enterprise

Does anyone know of an extension for BSE that will allow us to generate and download reports for multiple scans at once? If we have a folder with many scans, is there a way to download reports for all Completed scans...

Is there any way to run another scan profile instead of "doActiveScan" on a extension?

Is there any way to run any other Burp Scan profile like "Audit checks - medium active" instead of "doActiveScan"?

Network Protocol Error

Hello Team, We are doing assessment for one of our internal application. However, whenever we try to intercept the traffic through BurpSuite, application is inaccessible with error: Network Protocol Error. For other...

How to add a shortcut of extension feature

Hello Using the context menu for "https://github.com/portswigger/copy-request-response" every time feels lazy to me. I want to use extension's context menu by shortcut but i can't find related feature in burpsuite...

Burp Intruder Usage

Is is possible to run intruder in such a way that i could set some time delay of like 30 secs or a minute after a specific number of requests..For example let's say I'm running intruder with 100 payloads that generates 100...

http request smuggle (http/2 smuggle probe)

The h2.cl request smuggling lab is straight-forward when performing manually. However, want to make sure the extent to which i can rely on the extension and scanner for detection. When i run the http/2 smuggle probe it...

Burp Intruder consuming all RAM memory

When using Turbo intruder for brute force attack with 29 million passwords, the extension consumes all ram memory in few hours. My laptop has 32GB of RAM. What would be the problem? Why does the turbo intruder store...

addCustomeHeader is not available in rules dropdowwn to select

Hi Team, I have added custom headers in addCustomHeader extention and trying to integrate with session by tagging it to Rules. But when i tried to select extention, its not available in dropdown. Thansk

Failed to Upload Active Scan ++ in Burp Enterprise Edition

I want to add the active scan++ extension to my Burp Enterprise Edition. I've downloaded the active scan++ bapp file from the Bapp store. While trying to add/upload this file in extensions, it says 'Unsupported Bapp...

Burp Suit Professional 2022.3.1 is not supporting HTML tag

Hi team, We have one extension in which we have used HTML tags at different places to add color, font and other html features. Our extension was working fine with Burp Suite 2022.2.4 but after we upgraded to the newer...

Formatinng scanIssue

Hi, I am new to writing extensions in Burp and was just wondering how I can format the scan issues. With the Issue Detail I would like to colour code parts of the message, but whilst the API mention it accepts limited...

Scan Configuration

I am building an extension that calls doActiveScan and doPassiveScan. Is there a way to specify the scanner configuration. Currently tasks are created and there is a default scanner configuration used named Current auditing...

Lab: Exploiting HTTP request smuggling to bypass front-end security controls, TE.CL vulnerability

Good morning, The following request in the provided solution did work for me but I don't understand how it's calculated. POST / HTTP/1.1 Host: aca11fb21f25e1e3803a19b400f90012.web-security-academy.net Content-Type:...

About audit and how to judge start and end

Basically, I select one request from the history tab, run the audit, and then start auditing the next request after it finishes. I want to play a sound to notify when Audit (doActioveScan) starts and when Audit...

Extensions Load Error

Hello, While installing java or ruby related plugins, plugins with python do not load and give an error message. I tried to download from the bapp store is not installed. Burp Suite Professional 2021.10.3 OS:...

Burp Cookie Jar cookies not applied to requests for any tool

I am currently writing a Java based Burp Extension in order to navigate a complicated authentication system. I found that the macro recorder and other methods built into burp could not handle it, so I resolved to the...

URI as insertion POINT

Hi, I am curious if we can insert out payload inside URI, We have multiple insertion points but all those are related to parameters and there is no insertion point returned for URI while BurpSuite ActiveScan does check...

Burpsuite API: is it possible to change the Socks/HTTP proxy settings through it?

Hello, All's in the title! I have been trying to figure out how to do these things but I could not find any documentation regarding them. Any help would be appreciated.

burp theme change

if anyones got irritation in eyes looking at white burp for a long time then---> https://github.com/CoreyD97/BurpCustomizer/releases download the jar file and open extender and add the extension and u can change the theme...

AMF

What is the current state of AMF support within Burp and Burp plugins? Searching through old support post most AMF support seems very outdated. I'm using Pro 1.7.30. I've tried Blazer. It throws a null pointer...