Burp Suite User Forum

Create new post

Active scanning sorting features and insertion points fine control.

Hello, With the aim of automating Burp scan in a development cycle, I wish to get the proxy history of a specific Burp project and launch an active scan on each items. To do so I was wondering if you would make the...

Last updated: Apr 26, 2018 08:27AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Burp Extension: Get Focus on Tab after Custom Menu Action

I've written a Burp Extension to add functionality. Everything works great, but I'm having one very stupid issue. When a user Right-Clicks on a Request/Response the context menu allows them to send these requests to my...

Last updated: Apr 16, 2018 04:18PM UTC | 1 Agent replies | 4 Community replies | Burp Extensions

Giving some input parameters to A Burp Suite Extension !..

Hello Burp, I wrote a new Burp Suite extension and I can load it to Burp and work with Burp. But I want to give a parameter to the extension so this extension can use this parameter while its running. How it is possible?...

Last updated: Apr 16, 2018 07:36AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

API function to change Response on the fly

Hi I'm aware of Match and Replace feature to change response on the fly. But is there a way to do it from plugin API ? I'm looking at potential API...

Last updated: Apr 16, 2018 07:16AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Burp Extension

Hello there, I am getting the following exception when I'm trying to log a Jython extension I made, please let me know if anyone has face this :S java.lang.RuntimeException: org.python.core.PyException at...

Last updated: Apr 09, 2018 08:15AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Design new extension - Problem with buildRequest and URL Encode

Hi! I'm new to extending Burp and I wanted to add an active scanner plugin for some injections. When I making the requests with a payload with special characters, for example <script>alert(1)</script>, the request...

Last updated: Apr 05, 2018 02:11PM UTC | 6 Agent replies | 6 Community replies | Burp Extensions

IScannerCheck -- Consolidate Duplicate issues method

My question is about the consolidateDuplicateIssues Method. Currently I am writing an extension that passively scans for certain strings in requests. The problem is that there are multiple requests for each site, and the...

Last updated: Mar 27, 2018 07:05AM UTC | 2 Agent replies | 2 Community replies | Burp Extensions

BurpSmartBuster Not Working

Hello, Whenever I try to use BurpSmartBuster it generates errors and does not work properly. It had worked at some point in the past, but that was at least 6 months ago. I am using Burp Suite Pro 1.7.32, on Windows...

Last updated: Mar 26, 2018 07:15AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

burp collaborator

How to use collaborator and what are settings for to use it? and can any one provide me an example for how it works.

Last updated: Mar 23, 2018 08:59AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

callbacks.makeHttpRequest encode special characters to url encode

Hi! When I making the requests with special characters, for example <>, the request is encoded with "URL encode". How could I send the request without encoding anything? My code is as follows: for(String payload:...

Last updated: Mar 22, 2018 09:09AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

API function to check if URL is in scope?

I have created a custom extension that takes all requests of a certain domain from the sitemap, does some magic on the insertion points and then adds the requests with custom insertion points to the active scanner. I'm...

Last updated: Mar 13, 2018 10:25AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

How is PHP Object Injection is reported by burp extension "PHP Object Injection Check"?

While scanning the XVWA (Xtreme Vulnerable Web Application) consisting the vulnerability-PHP Object Injection i.e. Insecure Deserialization, burp extension "PHP Object Injection Check" doesn't report with the same...

Last updated: Mar 01, 2018 10:15AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

How to deploy an extension

Any guides out there on getting started writing extensions? I've found sample extensions and I can build them with Intellij, but I'm not familiar enough with java to create the jar file. Thanks

Last updated: Feb 27, 2018 11:05AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Replicator: Not Able to Edit 'Grep Expression' field

Hi Burp, I have installed the Replicator extension and can send requests to it. However, when creating a replicator file as a tester, I am not able to edit the 'Grep Expression' field or add/select any expression to...

Last updated: Feb 15, 2018 10:10AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Type is showing up as "Legacy Java" ??

Hi, I am just starting to learn about writing extensions for Burp and am using Eclipse/Java. I have built and run my first "Hello World" extension and am wondering why Burp is showing it as "Legacy Java" on the...

Last updated: Feb 08, 2018 02:20PM UTC | 1 Agent replies | 1 Community replies | Burp Extensions

BURP WS-Security SOAP Webservices security testing

I see the raw request with junk data for one of the operation in Wsdler. I added the Send to Intruder for the request in wsdler operation and when I navigate to Intruder, I encountered an error.Can you please suggest the way...

Last updated: Jan 25, 2018 10:26AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

API proxy show as edited request

Using the "processHttpMessage" method I'm able to edit a request. How can I make this changed request show up in the proxy as an edited request (just like when a request is edited with proxy intercept)?

Last updated: Jan 23, 2018 11:19AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Highlighting a tab in JTabbedPane of an extension

Hi, I am working on an extension that has its own JTabbedPane. I am trying to highlight a tab in my extension's JTabbedPane but for some reason the call to setBackgroundAt() simply does nothing. Oddly enough I am able to...

Last updated: Jan 22, 2018 08:33PM UTC | 5 Agent replies | 6 Community replies | Burp Extensions

CWE field in IScanIssue

I've noticed that XML exports of scan issues now include a <vulnerabilityClassifications> field that contains CWE information: <vulnerabilityClassifications><![CDATA[<ul> <li><a...

Last updated: Jan 15, 2018 08:13AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

TSL 1.2

Hi All, thats my first post on Burp forum! :) I'm here for a noble cause I guess: trying to give TSL 1.2 support to the glorious (and mistreated) Windows XP. It seems infact the only way to do that, is to configure the...

Last updated: Jan 09, 2018 11:48PM UTC | 2 Agent replies | 2 Community replies | Burp Extensions

Page 40 of 50

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image