Burp Extensions - Page 41 - Burp Suite User Forum

Cannot import burp Extentions from python file

I'am trying to import IBurpExtender into my extention but I cant seem to import any of the API. I keep getting an import error. I cant figure out what is wrong. Traceback (most recent call last): File...

Setting up Burp Proxy

is there any way i can set up burp proxy and port programmatically using burp extender?

Override final ActiveScan values to insert custom payload?

Is there a way to override ActiveScan checks or the order of checks so a custom check is run last? I'm trying to detect a certain type of XSS attack in our application where we're using Selenium to detect if javascript...

Using IBurpExtenderCallbacks.makeHttpRequest at Background

I am trying to send 10 new requests after all requests generated by proxy. For that, I am handling requests in processHttpMessage method and sending requests with IBurpExtenderCallbacks.makeHttpRequest. It works but the...

SAX2 driver class org.apache.xercer.parses.SAXParser not found

Hello friends I'm trying to parse XML from requests in my plugin but every time this error occours: java.lang.ClassNotFoundException: org.apache.xerces.parsers.SAXParser at...

IMessageEditor get selected Offset (similar to textEditor)

Hi Team I'm using an IMessageEditor object to create a combination of repeater and intruder. However, the function i am missing for IMessageEditor is the getSelectionBounds() (which exists for ITextEditor . What would be...

Custom Hotkey for Burp Extension

Dear Portswigger Team, Is it possible to register a hot key for an action provided by an extension? My use case is the following: I have created a new behaviour for "Send to Intruder" (default ctrl+i) and for this...

Intercept Burp's requests and set authenticated upstream proxy.

Hi, I want create an extension that will intercept and proxy Burp's requests. I noticed I can implement IHttpListener and override processHttpMessage() and set a new IHttpService for each request. The problem is...

Control of the Intruder Engine

Does the present version of burp suite provides any API to control the Intruder engine that means using custom scheduler and firing each packets. Every thing we found till now is to custom payload.

Issue Deserializing AMF messages with burpsuite

I am unable to deserialize AMF messages in response only. I am using the current version of Burpsuite. I have used both the builtin in AMF analyze and display option and the AMFDSer extension. They were only able to...

Possible Classpath Issues when using beansbinding (JSR 295)

Hi everyone I am currently trying to finalize my Burp Suite extension. To bind POJOs to the View (two-way binding) I am using beansbinding respectively betterbeansbinding (JSR 295). When I start my extension via NetBeans...

Auto-marking parameters in URL paths in intruder

The swurg extension allows parsing swagger json files into items in burp that can be then sent to intruder, repeater, or scanner. However, swagger json files allow for parameters inside URL paths. There seems to be no way...

Binding proxy on custom port programmatically

In my extension i want to accept all requests on custom port (for example 1337). There is no actual server on my computer, just another tool in the Internet, which would send there requests. I thought about proxy listener,...

extract all parameters in request before scanner starts

I need to extract all parameters in request before scanner starts. I know that "doActiveScan" of IScannerCheck interface finds parameters, but parameter names can be extracted after active the scanner starts working. but I...

Making new custom tab in Intruder

Hey, guys. I want to make new custom tab like this https://github.com/PortSwigger/example-custom-editor-tab , but in Intruder, but didnt find API to do it. Is it possible?

doActiveScan is not getting called and no Active Scanning is performed

Hello I'm burp pro user the Issue i'm facing is the doActiveScan is not getting called for the example provided in teh blog http://blog.portswigger.net/2012/12/sample-burp-suite-extension-custom_20.html When i try to...

jruby SSLSocket error

I'm currently developing the Dradis Framework Burp extension (https://github.com/dradis/burp-dradis/) and I'm encountering an error when the extension is trying to POST to the Dradis Pro server using...

Burp automation encountered error: Attempting to auto-select SSL parameters

Hi: I built an extension and it is working fine to login, select scope, spider and do active scan. The scan takes a few hours. On windows setting, the scan can finish in 2 and half hour. On linux machine, however, it...

Burp CSJ

When I attempt to use this extension using Firefox as the browser, an instance of Firefox shows pops up, hangs around for a while showing no activity, then I get an 'Exception Breakpoint' from Firefox and that's all she...

Making a request after every Scanner response, depending on the response contents.

I'm not sure whether this is possible via a mixture of macros / an extension, but here's my problem. I'm trying to scan a request that creates an entry in a database, and the request includes the name of the new entry....