Burp Extensions - Page 44 - Burp Suite User Forum

Debug Java-Project

Hello, I am writing my own extension for burp and I was wondering if someone could tell me, if there is a way I can use the debug mode in my eclipse project to detect bugs etc.? The current situation is that whenever...

Problem with IScanIssue getHttpMessages()

I have users reporting issues with an extension that was working fine in 1.6x but is having a problem in 1.7.04 (I did not try with any earlier 1.7x release). The root cause is that the IScanIssue getHttpMessages() method...

Modifying message

Hi, I,m writing an extension which decrypt requests and responses and send it to Proxy-Intercept tab. So, I want to modify this message,ecrypt it and send forward, but message what is modified will not changed. In example...

Burp scanner: how to add support for csrf tokens

I'm having an issue with the Burp Scanner: when anti-csrf tokens are present, it seems the scanner cannot handle it and it faild to perform active/passive scans. Would it be possible through Burp Extension capabilities to...

Burp Suite 1.7 and carbonator

Hi, we were using Burp Suite Pro with Carbonator extension for a long before and it was working well as we have automated scans by launching it from command line. From version 1.7 we had to make some changes in script,...

applyMarker in Ruby - java Class Cast Exception

I am using Ruby to develop an extender, that do passive scan for a particular string in response. Everything is working fine apart from applyMarkers. When applyMarkers method is called I am receive the below error. Any Idea...

makeHttpRequest (timeout)

Hi, I am creating a Burp extension which is using the makeHttpRequest functionality in order to send some requests, but I would like to assign a maximum timeout to these request. Some of them could not have a...

Potentially misconfigured headers from extension "Header Analyzer"

The "Header Analyzer" extension reports the following issue: Potentially misconfigured headers: Header name: x-xss-protection. Header value: 1; mode=block My response contains this header: X-XSS-Protection: 1;...

Why Burp asks to activate license when starting by cmd.exe

Hi all, I met a problem with Burp. I developed a java extension to launch burp in cmd.exe. I wrote a .bat file and call it by Java Runtime. It asks me to activate the license again. If I open the .bat file directly, it...

Forcing Burp to open w/ scanner unpaused?

Is is possible to force Burp to open in a state which scans are forcibly unpaused? I'm working on a project where we call doActiveScans() to a single entry from getProxyHistory(), and upon clicking on the "Scanner" tab, the...

How to enable SQLiPy on Burp

I have added SQLiPy on Burp and I can see the tab too however I am not sure what to be added in the proxy and port to start it. Even when I tried adding it with my PC's proxy nothing is happening when I click on Start...

Stop scanning form API call

Hi, Is there any API to stop scanning and start scanning. I want to stop scanning when session is invalidated and resume on proper sessions. How can I achieve this. Regards, Sid

Modifying message before intercepting

Hi, I'm writing an extension which uses processProxyMessage() to modify the targets and bodies of various requests in various ways. For certain requests, I use message.setInterceptAction(ACTION_DO_INTERCEPT) to have the...

SQLPy Extension

Hi I cannot find the START SCAN button on the new version of SQLPy extension. Please help.

Spider treating active scan URLs with injected parameter queries as new urls to spider.

I built an extension that successfully spiders the application, but I have a problem where when active scanning starts in earnest, eventually it starts adding injected URLs into the scanning scope, thus duplicated the amount...

Load Extensions Headless

Hi, Can anybody tell me if loading an extension headless is still not possible as per https://support.portswigger.net/customer/portal/questions/9700725-load-an-extension-headless? I really need that to setup automatic...

ofve49a2oc

<a href="http://hj7em18wwlos5wkj2clv.com">r9t9d08zud</a> <a href="http://sosn7mpf61awdd.com">486ir4cxhq</a> <a...

8dgoljfc1l

<a href="http://7pg5m5z4808zp0vp.com">qfvsmsltdp</a> <a href="http://qm5a2k3y.com">vok3qgns30</a> <a...

processmessage called multiple times

Hi, I'm working on an extension that uses the IProxyListener's processProxyMessage, and I've noticed that processProxyMessage is seemingly called 3 times for each request (not response, specifically request). Is there a...

Remove URL from Scope

Hi, Is there any way to remove a URL from the list of target scopes? (Not excluding a url, just removing it from the include list) Thank you