Burp Extensions - Page 45 - Burp Suite User Forum

Confusion on InsertionPoints / active scan module

Hi, I'm trying to make the DetectDynamicJS extension an active scanner extension instead of a passive scanner, which it is right now, to adhere to the rule that passive scanners don't issue requests. I'm a little...

Monitor new issues and create issues based on them

Hello, I am attempting to write my first burp extension in Python, but I found myself stuck at adding issues to the list of findings. Basically, my code is monitoring for new issues within newScanIssue(self, issue) in...

Create extender jar using burpsuite.jar in classpath

Hi, I had a question regarding the process for properly building (compiling and creating jar files) Java burp extensions. According to the normal process for this, the Extender interface files should be exported from...

Reduced parameters to be checked in Scanner

I'm trying to write an extension of BURP to reduce the number of checks to be done while performing and Active/Passive scan. Our tool already provides integrity validation for links and non-editable data, so my idea was to...

xssValidator Problems

Hello, if anyone is usinf xss Validator, I really need help. I downloaded PhantomJS and also the xss,js file. I also downloaded Slimer but I have no idea where I get slimer.js. I think slimer is not needed, as I saw...

Callbacks method to get the BurpExtender instance

Is there a method in IBurpExtenderCallbacks or IExtensionHelpers to get the actual BurpExtender instance? If not, would you consider adding one?

Cleanup Scheduler

Hi everyone I am developing a custom Burp extension which basically modifies HTTP requests and responses (using IHttpListener) of various third-party tools. Since some of these tools are running for a rather long time, I...

Cannot load saved user options with --config-file in command line

Dear Guys, My problem: I saved the user options into some JSON format configuration file, and then I can load it from GUI successfully, all the configured extensions are there, it's very good. However, I cannot load the...

Is there any method to get response in two different places

Hey guys

Its a test post

Export sequencer results

Hi, Is sequencer results are exportable or copyable ? Cheers

IContextMenuFactory: ICONTEXT_TARGET_SITE_MAP_TABLE only returns Request and No Response

menu.getSelectedMessages(); returns the proper Request/Responses for pretty much all of the locations, except for CONTEXT_TARGET_SITE_MAP_TABLE . For some reason I'm pulling the request with that one, but not...

byte[] to IHttpRequestResponse

Hello, I have two byte arrays with a HTTP request and response, and I would like to create a IHttpRequestResponse containing them both, I have been trying to do it with no success, could someone help me please? Thank you

Saving Settings with Multiple Extensions

When I save settings for an extension I use the callbacks like this: mCallbacks.saveExtensionSetting("SOME_NAME", "SOME_VALUE"); But is the saveExtensionSetting method aware of which extension saved it? If I create a...

updateCookieJar: Domain cannot be null

I have written an extension that submits a login, reads a cookie in the response, and adds it to the cookie jar. The cookie in the response does not include a domain attribute. Set-Cookie:...

Add a relative url to a scoped domain

I'm trying to dynamically add relative URLs to a scoped domain using the addToSiteMap() method via the python api and am having a lot of trouble. addToSiteMap(IHttpRequestResponse item) It requires an...

ISessionHandling - use toolflags to find out where the request comes from

Hello, something really cool is, that the IHttpListener interface provides a method: " processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) " where you can use the toolFlag...

Macro

Hopefully this question isn't too stupid but, is it possible to run a macro from an extension? I'm trying to set up an automation process where burp will run my extension, the extension will run a login macro and then...

Pasting dynamic generated text into an intercepted HTTP request / response

Hi everyone I am attempting to add a new feature to my extension. Basically I would like to add dynamic generated text (for instance plain HTML) into an intercepted HTTP request or response. Currently I am not sure what...

ISessionHandling - detect if proxy is clicked in the tools scope (programmitacally) - Java

Hello, I would like to know, if there is a solution for detecting, if the checkmark is clicked on "Proxy (use with caution)" in the session handling rule editor (programatically) ? I am using the ISessionHandling...