Burp Suite User Forum
Hi Guys, I have a few questions regarding the BApp extensions if some one could answer or redirect. 1. What are the measures taken that the code in the extension are secure.? 2. What is the process of uploading a new...
Now that Extender plugins can use collaborator, it can be used to identify issues. The built-in active scanner can use this to attach the relevant interactions to the reported issue. Based on the IScanIssue interface, I can...
Hi! I'm developing an extension and I was wondering how can I get the vulnerable parameter for an issue. For example, in a Cross-site scripting as the one in the picture (http://imgur.com/a/aKqn9), is there a method to get...
Hi, I'm trying to make the DetectDynamicJS extension an active scanner extension instead of a passive scanner, which it is right now, to adhere to the rule that passive scanners don't issue requests. I'm a little...
Hello, I am attempting to write my first burp extension in Python, but I found myself stuck at adding issues to the list of findings. Basically, my code is monitoring for new issues within newScanIssue(self, issue) in...
Hi, I had a question regarding the process for properly building (compiling and creating jar files) Java burp extensions. According to the normal process for this, the Extender interface files should be exported from...
I'm trying to write an extension of BURP to reduce the number of checks to be done while performing and Active/Passive scan. Our tool already provides integrity validation for links and non-editable data, so my idea was to...
Hello, if anyone is usinf xss Validator, I really need help. I downloaded PhantomJS and also the xss,js file. I also downloaded Slimer but I have no idea where I get slimer.js. I think slimer is not needed, as I saw...
Is there a method in IBurpExtenderCallbacks or IExtensionHelpers to get the actual BurpExtender instance? If not, would you consider adding one?
Hi everyone I am developing a custom Burp extension which basically modifies HTTP requests and responses (using IHttpListener) of various third-party tools. Since some of these tools are running for a rather long time, I...
Dear Guys, My problem: I saved the user options into some JSON format configuration file, and then I can load it from GUI successfully, all the configured extensions are there, it's very good. However, I cannot load the...
Is there any method to get response in two different places
Its a test post
Hi, Is sequencer results are exportable or copyable ? Cheers
menu.getSelectedMessages(); returns the proper Request/Responses for pretty much all of the locations, except for CONTEXT_TARGET_SITE_MAP_TABLE . For some reason I'm pulling the request with that one, but not...
Hello, I have two byte arrays with a HTTP request and response, and I would like to create a IHttpRequestResponse containing them both, I have been trying to do it with no success, could someone help me please? Thank you
When I save settings for an extension I use the callbacks like this: mCallbacks.saveExtensionSetting("SOME_NAME", "SOME_VALUE"); But is the saveExtensionSetting method aware of which extension saved it? If I create a...
I have written an extension that submits a login, reads a cookie in the response, and adds it to the cookie jar. The cookie in the response does not include a domain attribute. Set-Cookie:...
I'm trying to dynamically add relative URLs to a scoped domain using the addToSiteMap() method via the python api and am having a lot of trouble. addToSiteMap(IHttpRequestResponse item) It requires an...
Hello, something really cool is, that the IHttpListener interface provides a method: " processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) " where you can use the toolFlag...
Page 41 of 47
Your source for help and advice on all things Burp-related.