Burp Extensions - Page 40 - Burp Suite User Forum

Problem with burp extension to automate security checks of single sign-on

Hello, I'm currently trying to develop (jython) extension to automate some work with single sign-on protocols (like oauth, saml etc.). The main idea how it would work is: - Check requests if it's an sso request -...

active scan is waiting

Hi, I am working on extension that will send the url to do active scan. I noticed the urls I sent are all in "waiting" and need me to manually click "resume". Is there a way to make it scan without manual...

Counting the requests from extensions

Hi, I want to ask - when I use some extenders (e.g. Scan Check Builder), when I remove all the Active scan rules, apart from those coming from extensions, and I only have a single extension running. In the session tracer I...

Extensions class loading

Hello, I was wondering if Burp supports class loading from extensions. What I am looking for is if an extension can be made available as an API and that API's classes be used from other extensions. Does Burp's API...

Load an extension headless

Hi, I'm trying to build an easy scanner server, and need to configure Burp to scan in headless mode. As we don't have a graphical interface installed on this server, I have to do all things headless. I would like to...

How to scan all urls of a webpage from command line.

Hi Team, I have used carbonate to san url from the command line where i can pass one url at a time and it scans the url and gives me the HTML report. Can i scan all the urls of a webpage from command line at a time....

Carbonate extender not scanning the url.

Hi , I am trying to run scanner and publish the HTML report from command line. I want the feature to integrate security testing in my devops environment. I have added the carbonate extender. I am running the command :...

Attack selector always queues custom attacks

Hello there, I'm trying to figure out how to use the Attack selector extension. After creating a custom attack. I select from the context menu somewhere in Repeater/Proxy/...etc and it goes with status "queued" but...

Can't modify scanner issues context menu

When I try to add a context menu entry to the scanner issues context menu, nothing shows up, it also does not return a InvocationContext when I right click on the scanner issues.

sqlipy Hi I am having an issue with both pro and community versions and seek some help please pro

Active scanning sorting features and insertion points fine control.

Hello, With the aim of automating Burp scan in a development cycle, I wish to get the proxy history of a specific Burp project and launch an active scan on each items. To do so I was wondering if you would make the...

Burp Extension: Get Focus on Tab after Custom Menu Action

I've written a Burp Extension to add functionality. Everything works great, but I'm having one very stupid issue. When a user Right-Clicks on a Request/Response the context menu allows them to send these requests to my...

Giving some input parameters to A Burp Suite Extension !..

Hello Burp, I wrote a new Burp Suite extension and I can load it to Burp and work with Burp. But I want to give a parameter to the extension so this extension can use this parameter while its running. How it is possible?...

API function to change Response on the fly

Hi I'm aware of Match and Replace feature to change response on the fly. But is there a way to do it from plugin API ? I'm looking at potential API...

Burp Extension

Hello there, I am getting the following exception when I'm trying to log a Jython extension I made, please let me know if anyone has face this :S java.lang.RuntimeException: org.python.core.PyException at...

Design new extension - Problem with buildRequest and URL Encode

Hi! I'm new to extending Burp and I wanted to add an active scanner plugin for some injections. When I making the requests with a payload with special characters, for example <script>alert(1)</script>, the request...

IScannerCheck -- Consolidate Duplicate issues method

My question is about the consolidateDuplicateIssues Method. Currently I am writing an extension that passively scans for certain strings in requests. The problem is that there are multiple requests for each site, and the...

BurpSmartBuster Not Working

Hello, Whenever I try to use BurpSmartBuster it generates errors and does not work properly. It had worked at some point in the past, but that was at least 6 months ago. I am using Burp Suite Pro 1.7.32, on Windows...

burp collaborator

How to use collaborator and what are settings for to use it? and can any one provide me an example for how it works.

callbacks.makeHttpRequest encode special characters to url encode

Hi! When I making the requests with special characters, for example <>, the request is encoded with "URL encode". How could I send the request without encoding anything? My code is as follows: for(String payload:...