Burp Suite User Forum
Hello, With the aim of automating Burp scan in a development cycle, I wish to get the proxy history of a specific Burp project and launch an active scan on each items. To do so I was wondering if you would make the...
I've written a Burp Extension to add functionality. Everything works great, but I'm having one very stupid issue. When a user Right-Clicks on a Request/Response the context menu allows them to send these requests to my...
Hello Burp, I wrote a new Burp Suite extension and I can load it to Burp and work with Burp. But I want to give a parameter to the extension so this extension can use this parameter while its running. How it is possible?...
Hi I'm aware of Match and Replace feature to change response on the fly. But is there a way to do it from plugin API ? I'm looking at potential API...
Hello there, I am getting the following exception when I'm trying to log a Jython extension I made, please let me know if anyone has face this :S java.lang.RuntimeException: org.python.core.PyException at...
Hi! I'm new to extending Burp and I wanted to add an active scanner plugin for some injections. When I making the requests with a payload with special characters, for example <script>alert(1)</script>, the request...
My question is about the consolidateDuplicateIssues Method. Currently I am writing an extension that passively scans for certain strings in requests. The problem is that there are multiple requests for each site, and the...
Hello, Whenever I try to use BurpSmartBuster it generates errors and does not work properly. It had worked at some point in the past, but that was at least 6 months ago. I am using Burp Suite Pro 1.7.32, on Windows...
How to use collaborator and what are settings for to use it? and can any one provide me an example for how it works.
Hi! When I making the requests with special characters, for example <>, the request is encoded with "URL encode". How could I send the request without encoding anything? My code is as follows: for(String payload:...
I have created a custom extension that takes all requests of a certain domain from the sitemap, does some magic on the insertion points and then adds the requests with custom insertion points to the active scanner. I'm...
While scanning the XVWA (Xtreme Vulnerable Web Application) consisting the vulnerability-PHP Object Injection i.e. Insecure Deserialization, burp extension "PHP Object Injection Check" doesn't report with the same...
Any guides out there on getting started writing extensions? I've found sample extensions and I can build them with Intellij, but I'm not familiar enough with java to create the jar file. Thanks
Hi Burp, I have installed the Replicator extension and can send requests to it. However, when creating a replicator file as a tester, I am not able to edit the 'Grep Expression' field or add/select any expression to...
Hi, I am just starting to learn about writing extensions for Burp and am using Eclipse/Java. I have built and run my first "Hello World" extension and am wondering why Burp is showing it as "Legacy Java" on the...
I see the raw request with junk data for one of the operation in Wsdler. I added the Send to Intruder for the request in wsdler operation and when I navigate to Intruder, I encountered an error.Can you please suggest the way...
Using the "processHttpMessage" method I'm able to edit a request. How can I make this changed request show up in the proxy as an edited request (just like when a request is edited with proxy intercept)?
Hi, I am working on an extension that has its own JTabbedPane. I am trying to highlight a tab in my extension's JTabbedPane but for some reason the call to setBackgroundAt() simply does nothing. Oddly enough I am able to...
I've noticed that XML exports of scan issues now include a <vulnerabilityClassifications> field that contains CWE information: <vulnerabilityClassifications><![CDATA[<ul> <li><a...
Hi All, thats my first post on Burp forum! :) I'm here for a noble cause I guess: trying to give TSL 1.2 support to the glorious (and mistreated) Windows XP. It seems infact the only way to do that, is to configure the...
Page 40 of 50
Your source for help and advice on all things Burp-related.