Burp Suite User Forum

Create new post

Burp scanner: how to add support for csrf tokens

I'm having an issue with the Burp Scanner: when anti-csrf tokens are present, it seems the scanner cannot handle it and it faild to perform active/passive scans. Would it be possible through Burp Extension capabilities to...

Last updated: Oct 03, 2016 02:22PM UTC | 3 Agent replies | 2 Community replies | Burp Extensions

Burp Suite 1.7 and carbonator

Hi, we were using Burp Suite Pro with Carbonator extension for a long before and it was working well as we have automated scans by launching it from command line. From version 1.7 we had to make some changes in script,...

Last updated: Sep 27, 2016 02:47PM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

applyMarker in Ruby - java Class Cast Exception

I am using Ruby to develop an extender, that do passive scan for a particular string in response. Everything is working fine apart from applyMarkers. When applyMarkers method is called I am receive the below error. Any Idea...

Last updated: Sep 22, 2016 07:55PM UTC | 1 Agent replies | 1 Community replies | Burp Extensions

makeHttpRequest (timeout)

Hi, I am creating a Burp extension which is using the makeHttpRequest functionality in order to send some requests, but I would like to assign a maximum timeout to these request. Some of them could not have a...

Last updated: Sep 21, 2016 03:08PM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Potentially misconfigured headers from extension "Header Analyzer"

The "Header Analyzer" extension reports the following issue: Potentially misconfigured headers: Header name: x-xss-protection. Header value: 1; mode=block My response contains this header: X-XSS-Protection: 1;...

Last updated: Sep 14, 2016 01:07PM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Why Burp asks to activate license when starting by cmd.exe

Hi all, I met a problem with Burp. I developed a java extension to launch burp in cmd.exe. I wrote a .bat file and call it by Java Runtime. It asks me to activate the license again. If I open the .bat file directly, it...

Last updated: Sep 13, 2016 07:38AM UTC | 2 Agent replies | 1 Community replies | Burp Extensions

Forcing Burp to open w/ scanner unpaused?

Is is possible to force Burp to open in a state which scans are forcibly unpaused? I'm working on a project where we call doActiveScans() to a single entry from getProxyHistory(), and upon clicking on the "Scanner" tab, the...

Last updated: Sep 07, 2016 08:28AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

How to enable SQLiPy on Burp

I have added SQLiPy on Burp and I can see the tab too however I am not sure what to be added in the proxy and port to start it. Even when I tried adding it with my PC's proxy nothing is happening when I click on Start...

Last updated: Aug 24, 2016 09:08AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Stop scanning form API call

Hi, Is there any API to stop scanning and start scanning. I want to stop scanning when session is invalidated and resume on proper sessions. How can I achieve this. Regards, Sid

Last updated: Aug 24, 2016 08:48AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Modifying message before intercepting

Hi, I'm writing an extension which uses processProxyMessage() to modify the targets and bodies of various requests in various ways. For certain requests, I use message.setInterceptAction(ACTION_DO_INTERCEPT) to have the...

Last updated: Aug 22, 2016 03:38PM UTC | 2 Agent replies | 0 Community replies | Burp Extensions

SQLPy Extension

Hi I cannot find the START SCAN button on the new version of SQLPy extension. Please help.

Last updated: Aug 22, 2016 09:24AM UTC | 2 Agent replies | 1 Community replies | Burp Extensions

Spider treating active scan URLs with injected parameter queries as new urls to spider.

I built an extension that successfully spiders the application, but I have a problem where when active scanning starts in earnest, eventually it starts adding injected URLs into the scanning scope, thus duplicated the amount...

Last updated: Aug 17, 2016 11:16AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Load Extensions Headless

Hi, Can anybody tell me if loading an extension headless is still not possible as per https://support.portswigger.net/customer/portal/questions/9700725-load-an-extension-headless? I really need that to setup automatic...

Last updated: Aug 12, 2016 01:47PM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

ofve49a2oc

<a href="http://hj7em18wwlos5wkj2clv.com">r9t9d08zud</a> <a href="http://sosn7mpf61awdd.com">486ir4cxhq</a> <a...

Last updated: Jul 28, 2016 02:07PM UTC | 0 Agent replies | 0 Community replies | Burp Extensions

8dgoljfc1l

<a href="http://7pg5m5z4808zp0vp.com">qfvsmsltdp</a> <a href="http://qm5a2k3y.com">vok3qgns30</a> <a...

Last updated: Jul 28, 2016 02:07PM UTC | 0 Agent replies | 0 Community replies | Burp Extensions

processmessage called multiple times

Hi, I'm working on an extension that uses the IProxyListener's processProxyMessage, and I've noticed that processProxyMessage is seemingly called 3 times for each request (not response, specifically request). Is there a...

Last updated: Jul 20, 2016 08:13AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Remove URL from Scope

Hi, Is there any way to remove a URL from the list of target scopes? (Not excluding a url, just removing it from the include list) Thank you

Last updated: Jul 15, 2016 03:40PM UTC | 2 Agent replies | 1 Community replies | Burp Extensions

Issue and question when implementing a ScannerInsertionPointProvider

Hi, Earlier this week I implemented a ScannerInsertionPointProvider to allow the active scanner to scan the custom type of multi-value parameters used by an application I was testing. Basically some parameters contained...

Last updated: Jul 07, 2016 01:18AM UTC | 1 Agent replies | 1 Community replies | Burp Extensions

How to send a request with different cookie value

Hi, I'm a noob and I would like to create an extension that after selecting a previous request allows to send automatically a new request with a different value for a certain cookie. Is this possible? If yes which API's...

Last updated: Jul 03, 2016 11:31AM UTC | 0 Agent replies | 0 Community replies | Burp Extensions

lack of "/" in InsertionPoint

Hi, Burp Support Team I am trying to write an extension to improve activeScan. But I encountered a problem. When I sent http://example.com/test to activeScan, my extension can receive insertionPoint of type...

Last updated: Jun 29, 2016 08:04AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Page 44 of 48

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image