Burp Extensions - Page 44 - Burp Suite User Forum

extract all parameters in request before scanner starts

I need to extract all parameters in request before scanner starts. I know that "doActiveScan" of IScannerCheck interface finds parameters, but parameter names can be extracted after active the scanner starts working. but I...

Making new custom tab in Intruder

Hey, guys. I want to make new custom tab like this https://github.com/PortSwigger/example-custom-editor-tab , but in Intruder, but didnt find API to do it. Is it possible?

doActiveScan is not getting called and no Active Scanning is performed

Hello I'm burp pro user the Issue i'm facing is the doActiveScan is not getting called for the example provided in teh blog http://blog.portswigger.net/2012/12/sample-burp-suite-extension-custom_20.html When i try to...

jruby SSLSocket error

I'm currently developing the Dradis Framework Burp extension (https://github.com/dradis/burp-dradis/) and I'm encountering an error when the extension is trying to POST to the Dradis Pro server using...

Burp automation encountered error: Attempting to auto-select SSL parameters

Hi: I built an extension and it is working fine to login, select scope, spider and do active scan. The scan takes a few hours. On windows setting, the scan can finish in 2 and half hour. On linux machine, however, it...

Burp CSJ

When I attempt to use this extension using Firefox as the browser, an instance of Firefox shows pops up, hangs around for a while showing no activity, then I get an 'Exception Breakpoint' from Firefox and that's all she...

Making a request after every Scanner response, depending on the response contents.

I'm not sure whether this is possible via a mixture of macros / an extension, but here's my problem. I'm trying to scan a request that creates an entry in a database, and the request includes the name of the new entry....

registerSessionHandlingAction throwing errors

Whenever I try to load callbacks.registerSessionHandlingAction(self) I get errors. I've seen other posts which are similar to mine, where Dafydd is able to run the extension without errors....

auto scan pre-populated site map

Hi, I have built a site map for a host that I am interested. I would like to scan this site map automatically (without spidering it before scanning) I am thinking to build an extender that will do following: (1)...

loadExtensionSetting() does not see extension options any more

I was using callbacks.loadExtensionSetting() to load my extension settings from config file. In json it looked like: { "user_options":{ ... "extender":{ "extensions":[ { ...

Passive Scanning of Active Scan Results

In Extensions, do passive scan checks (implementing IScannerCheck.doPassiveScan) automatically get applied to all responses of active scans as well? Or is passive scanning only done for the initial request/response and...

IntelliJ Idea not resolve burp suite class

I`m create in Idea java project, save burp interface file into project but IDE no resolve burp classes. I`m know that is question about specific IDE, but I search best way to write extension. Folder structure . +--...

IHttpRequestResponse.setMessage() does not update Proxy History automatically

If I call setMessage on a IHttpRequestResponse instance, it does not update the Proxy History window automatically. However, if I force a redraw (for example by clicking on the item), the new comment appears, so it seems...

unexpected makeHttpRequest timeout value

I'm using IHttpRequestResponse makeHttpRequest(IHttpService httpService, byte[] request) to send a modified request that I got from an IScanIssue. If the target host is down, I get a timeout (return == null) and it takes...

xssvalidator instaaltion issue

Hi, i was installing xssvalidator in Burp suite free edition but i am unable to do it, i am getting the following issue Step1: installed xssvalidator in burp Step2: Downloaded ant & installed it Step3: creating...

sendToRepeater Fails to Set Tab Caption for First Request

As the subject states, the first call to IBurpExtenderCallbacks.sendToRepeater() will not rename the numbered tab in the repeater to the last parameter (the tab caption string). Subsequent calls to sendToRepeater do set the...

Active Scanner Extension Incrementing Requests

I have a custom active scanner extension which makes a finite number of requests via callbacks.makeHttpRequest(). This does not appear to increment the current active scan with the correct number of requests being made and...

BApp Store queries

Hi Guys, I have a few questions regarding the BApp extensions if some one could answer or redirect. 1. What are the measures taken that the code in the extension are secure.? 2. What is the process of uploading a new...

IScanIssue vs. IBurpCollaboratorInteraction

Now that Extender plugins can use collaborator, it can be used to identify issues. The built-in active scanner can use this to attach the relevant interactions to the reported issue. Based on the IScanIssue interface, I can...

Extender API Parameters

Hi! I'm developing an extension and I was wondering how can I get the vulnerable parameter for an issue. For example, in a Cross-site scripting as the one in the picture (http://imgur.com/a/aKqn9), is there a method to get...