Burp Extensions - Page 41 - Burp Suite User Forum

BApp Store queries

Hi Guys, I have a few questions regarding the BApp extensions if some one could answer or redirect. 1. What are the measures taken that the code in the extension are secure.? 2. What is the process of uploading a new...

IScanIssue vs. IBurpCollaboratorInteraction

Now that Extender plugins can use collaborator, it can be used to identify issues. The built-in active scanner can use this to attach the relevant interactions to the reported issue. Based on the IScanIssue interface, I can...

Extender API Parameters

Hi! I'm developing an extension and I was wondering how can I get the vulnerable parameter for an issue. For example, in a Cross-site scripting as the one in the picture (http://imgur.com/a/aKqn9), is there a method to get...

Confusion on InsertionPoints / active scan module

Hi, I'm trying to make the DetectDynamicJS extension an active scanner extension instead of a passive scanner, which it is right now, to adhere to the rule that passive scanners don't issue requests. I'm a little...

Monitor new issues and create issues based on them

Hello, I am attempting to write my first burp extension in Python, but I found myself stuck at adding issues to the list of findings. Basically, my code is monitoring for new issues within newScanIssue(self, issue) in...

Create extender jar using burpsuite.jar in classpath

Hi, I had a question regarding the process for properly building (compiling and creating jar files) Java burp extensions. According to the normal process for this, the Extender interface files should be exported from...

Reduced parameters to be checked in Scanner

I'm trying to write an extension of BURP to reduce the number of checks to be done while performing and Active/Passive scan. Our tool already provides integrity validation for links and non-editable data, so my idea was to...

xssValidator Problems

Hello, if anyone is usinf xss Validator, I really need help. I downloaded PhantomJS and also the xss,js file. I also downloaded Slimer but I have no idea where I get slimer.js. I think slimer is not needed, as I saw...

Callbacks method to get the BurpExtender instance

Is there a method in IBurpExtenderCallbacks or IExtensionHelpers to get the actual BurpExtender instance? If not, would you consider adding one?

Cleanup Scheduler

Hi everyone I am developing a custom Burp extension which basically modifies HTTP requests and responses (using IHttpListener) of various third-party tools. Since some of these tools are running for a rather long time, I...

Cannot load saved user options with --config-file in command line

Dear Guys, My problem: I saved the user options into some JSON format configuration file, and then I can load it from GUI successfully, all the configured extensions are there, it's very good. However, I cannot load the...

Is there any method to get response in two different places

Hey guys

Its a test post

Export sequencer results

Hi, Is sequencer results are exportable or copyable ? Cheers

IContextMenuFactory: ICONTEXT_TARGET_SITE_MAP_TABLE only returns Request and No Response

menu.getSelectedMessages(); returns the proper Request/Responses for pretty much all of the locations, except for CONTEXT_TARGET_SITE_MAP_TABLE . For some reason I'm pulling the request with that one, but not...

byte[] to IHttpRequestResponse

Hello, I have two byte arrays with a HTTP request and response, and I would like to create a IHttpRequestResponse containing them both, I have been trying to do it with no success, could someone help me please? Thank you

Saving Settings with Multiple Extensions

When I save settings for an extension I use the callbacks like this: mCallbacks.saveExtensionSetting("SOME_NAME", "SOME_VALUE"); But is the saveExtensionSetting method aware of which extension saved it? If I create a...

updateCookieJar: Domain cannot be null

I have written an extension that submits a login, reads a cookie in the response, and adds it to the cookie jar. The cookie in the response does not include a domain attribute. Set-Cookie:...

Add a relative url to a scoped domain

I'm trying to dynamically add relative URLs to a scoped domain using the addToSiteMap() method via the python api and am having a lot of trouble. addToSiteMap(IHttpRequestResponse item) It requires an...

ISessionHandling - use toolflags to find out where the request comes from

Hello, something really cool is, that the IHttpListener interface provides a method: " processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) " where you can use the toolFlag...