Burp Suite User Forum

Create new post

extract all parameters in request before scanner starts

I need to extract all parameters in request before scanner starts. I know that "doActiveScan" of IScannerCheck interface finds parameters, but parameter names can be extracted after active the scanner starts working. but I...

Last updated: Mar 08, 2017 03:05PM UTC | 3 Agent replies | 2 Community replies | Burp Extensions

Making new custom tab in Intruder

Hey, guys. I want to make new custom tab like this https://github.com/PortSwigger/example-custom-editor-tab , but in Intruder, but didnt find API to do it. Is it possible?

Last updated: Mar 06, 2017 04:49PM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

doActiveScan is not getting called and no Active Scanning is performed

Hello I'm burp pro user the Issue i'm facing is the doActiveScan is not getting called for the example provided in teh blog http://blog.portswigger.net/2012/12/sample-burp-suite-extension-custom_20.html When i try to...

Last updated: Feb 24, 2017 04:29PM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

jruby SSLSocket error

I'm currently developing the Dradis Framework Burp extension (https://github.com/dradis/burp-dradis/) and I'm encountering an error when the extension is trying to POST to the Dradis Pro server using...

Last updated: Feb 22, 2017 06:57AM UTC | 1 Agent replies | 2 Community replies | Burp Extensions

Burp automation encountered error: Attempting to auto-select SSL parameters

Hi: I built an extension and it is working fine to login, select scope, spider and do active scan. The scan takes a few hours. On windows setting, the scan can finish in 2 and half hour. On linux machine, however, it...

Last updated: Feb 08, 2017 04:37PM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Burp CSJ

When I attempt to use this extension using Firefox as the browser, an instance of Firefox shows pops up, hangs around for a while showing no activity, then I get an 'Exception Breakpoint' from Firefox and that's all she...

Last updated: Feb 08, 2017 09:00AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Making a request after every Scanner response, depending on the response contents.

I'm not sure whether this is possible via a mixture of macros / an extension, but here's my problem. I'm trying to scan a request that creates an entry in a database, and the request includes the name of the new entry....

Last updated: Feb 02, 2017 12:05PM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

registerSessionHandlingAction throwing errors

Whenever I try to load callbacks.registerSessionHandlingAction(self) I get errors. I've seen other posts which are similar to mine, where Dafydd is able to run the extension without errors....

Last updated: Feb 01, 2017 06:30PM UTC | 1 Agent replies | 2 Community replies | Burp Extensions

auto scan pre-populated site map

Hi, I have built a site map for a host that I am interested. I would like to scan this site map automatically (without spidering it before scanning) I am thinking to build an extender that will do following: (1)...

Last updated: Jan 27, 2017 09:00AM UTC | 2 Agent replies | 1 Community replies | Burp Extensions

loadExtensionSetting() does not see extension options any more

I was using callbacks.loadExtensionSetting() to load my extension settings from config file. In json it looked like: { "user_options":{ ... "extender":{ "extensions":[ { ...

Last updated: Jan 25, 2017 03:12PM UTC | 2 Agent replies | 0 Community replies | Burp Extensions

Passive Scanning of Active Scan Results

In Extensions, do passive scan checks (implementing IScannerCheck.doPassiveScan) automatically get applied to all responses of active scans as well? Or is passive scanning only done for the initial request/response and...

Last updated: Jan 25, 2017 09:11AM UTC | 5 Agent replies | 5 Community replies | Burp Extensions

IntelliJ Idea not resolve burp suite class

I`m create in Idea java project, save burp interface file into project but IDE no resolve burp classes. I`m know that is question about specific IDE, but I search best way to write extension. Folder structure . +--...

Last updated: Jan 23, 2017 09:59AM UTC | 1 Agent replies | 1 Community replies | Burp Extensions

IHttpRequestResponse.setMessage() does not update Proxy History automatically

If I call setMessage on a IHttpRequestResponse instance, it does not update the Proxy History window automatically. However, if I force a redraw (for example by clicking on the item), the new comment appears, so it seems...

Last updated: Jan 20, 2017 10:36AM UTC | 0 Agent replies | 0 Community replies | Burp Extensions

unexpected makeHttpRequest timeout value

I'm using IHttpRequestResponse makeHttpRequest(IHttpService httpService, byte[] request) to send a modified request that I got from an IScanIssue. If the target host is down, I get a timeout (return == null) and it takes...

Last updated: Jan 17, 2017 03:01PM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

xssvalidator instaaltion issue

Hi, i was installing xssvalidator in Burp suite free edition but i am unable to do it, i am getting the following issue Step1: installed xssvalidator in burp Step2: Downloaded ant & installed it Step3: creating...

Last updated: Jan 17, 2017 11:01AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

sendToRepeater Fails to Set Tab Caption for First Request

As the subject states, the first call to IBurpExtenderCallbacks.sendToRepeater() will not rename the numbered tab in the repeater to the last parameter (the tab caption string). Subsequent calls to sendToRepeater do set the...

Last updated: Jan 16, 2017 02:34PM UTC | 2 Agent replies | 0 Community replies | Burp Extensions

Active Scanner Extension Incrementing Requests

I have a custom active scanner extension which makes a finite number of requests via callbacks.makeHttpRequest(). This does not appear to increment the current active scan with the correct number of requests being made and...

Last updated: Jan 10, 2017 08:51AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

BApp Store queries

Hi Guys, I have a few questions regarding the BApp extensions if some one could answer or redirect. 1. What are the measures taken that the code in the extension are secure.? 2. What is the process of uploading a new...

Last updated: Jan 03, 2017 10:27AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

IScanIssue vs. IBurpCollaboratorInteraction

Now that Extender plugins can use collaborator, it can be used to identify issues. The built-in active scanner can use this to attach the relevant interactions to the reported issue. Based on the IScanIssue interface, I can...

Last updated: Jan 03, 2017 10:22AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Extender API Parameters

Hi! I'm developing an extension and I was wondering how can I get the vulnerable parameter for an issue. For example, in a Cross-site scripting as the one in the picture (http://imgur.com/a/aKqn9), is there a method to get...

Last updated: Jan 03, 2017 10:19AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Page 42 of 49

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image