Burp Extensions - Page 45 - Burp Suite User Forum

Issue and question when implementing a ScannerInsertionPointProvider

Hi, Earlier this week I implemented a ScannerInsertionPointProvider to allow the active scanner to scan the custom type of multi-value parameters used by an application I was testing. Basically some parameters contained...

How to send a request with different cookie value

Hi, I'm a noob and I would like to create an extension that after selecting a previous request allows to send automatically a new request with a different value for a certain cookie. Is this possible? If yes which API's...

lack of "/" in InsertionPoint

Hi, Burp Support Team I am trying to write an extension to improve activeScan. But I encountered a problem. When I sent http://example.com/test to activeScan, my extension can receive insertionPoint of type...

Custom issues in Burp-report

Hi Team, I have created an extender. Now, I want to run my extender along with active scan. What are all the steps to be followed? Request your guidance/support for the above said query. Thanks in...

Directory guessing extension for the Scanner

Is there any way to augment the scanner's capabilities to search through a list of directories that I specify? I know how to do this in intruder, but I want to be able to have this trigger automatically during a Burp...

Variable Persistence

Is there a way to persist a variable between requests in an extension? For example I want to take a parameter from one response and then in a later request use this to calculate a different parameter? The value which needs...

Burp Extender socks5

I want to developer extender by jython, The Extender is port scan. I want all the traffic through socks5, How do i

Building a Burp Intruder extension that generates multiple payloads for a single request.

I'm working on a Burp Intruder extension for pen-testing our own custom API. As part of the protocol, a HMAC is generated by the client and added to the header, along with another custom header parameter. The body contains...

Burp Extension

I am trying to create a burp extension which scans for particular text in the response. Now I want this text to be dynamically defined by the user. How do I do that ? As in consider search functionality as extension...

Manual Scan Issues Extension exception with Burp 1.7

java.lang.NullPointerException at burp.BurpExtender.createMenuItems(BurpExtender.java:76) at burp.nbd.a(Unknown Source) at burp.bmc.a(Unknown Source) at burp.ofc.a(Unknown Source) at burp.ofc.a(Unknown...

extension - Burp-hash

I've been using the Burp-hash extension but its starting to be unreliable. Is anyone else getting a lot of false Issues reported with the Burp-hash extension? I get the following often and its not even valid within...

Modify Response depending on request

Hi I need to write a python extension to modify responses depending on what the actual request was. Responses coming from server may be the same for different requests (like 400 Forbidden). I am using the IProxyListener...

wsdler and Basic Authentication

I am using WSDLER against a web service which uses basic authentication. Even with 'Platform Authentication' enabled (Options>Connections) and the correct host/type/username/password set, attempting to parse the WSDL results...

Request/response timing

Hi, I've been playing with java api to try and extract timing info for intruder sessions. Using the custom logger as a base I'm putting the request url and current time into a map, then when a response is received looking up...

Highlighting in extension-generated IScanIssue instances

Built-in scanner issues can apply highlight to both requests and responses, however I don't see any API to do so in IScanIssue instances generated by extensions. The method getHttpMessages() returns an array of...

Burp Extension API - list available proxy interfaces

I am writing a Burp plugin that helps with proxying devices that do not have configurable proxy settings. To do this, I have the extension intercept DNS queries and respond with an IP address that points to an already...

Problems with availability of HashMap in doPassiveScan (noob level)

Hi, First of all sorry for this stupid noob question, but it has been driving me crazy for hours now. Why is "hostHashMap" null in "doPassiveScan"? How can I make hostHashMap available? Many thanks in...

Problem in using SQLiPy extender

Hi, I am getting Importerror while starting SQLiPy.py api. Error thrown is no module named burp. I have loaded jython stand alone jar file. Other python extender like Authorize is working fine. Please do the help.

burp extensions using makeHttpRequest

I'm trying to create a python Burp Extension where I new to do an HTTP request. I would like to use makeHttpRequest, however I'm getting the error: "java.lang.RuntimeException: java.lang.RuntimeException: Extensions...

Python IDE code completion

Hello, I'm trying to properly setup a Python IDE so I can start can play around and create some Burp extensions. One of the advantages of using an IDE is of course code completion. However, I can't seem to figure out how...