Burp Suite User Forum

Create new post

Custom issues in Burp-report

Hi Team, I have created an extender. Now, I want to run my extender along with active scan. What are all the steps to be followed? Request your guidance/support for the above said query. Thanks in...

Last updated: Jun 09, 2016 08:03AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Directory guessing extension for the Scanner

Is there any way to augment the scanner's capabilities to search through a list of directories that I specify? I know how to do this in intruder, but I want to be able to have this trigger automatically during a Burp...

Last updated: Jun 01, 2016 04:36AM UTC | 3 Agent replies | 4 Community replies | Burp Extensions

Variable Persistence

Is there a way to persist a variable between requests in an extension? For example I want to take a parameter from one response and then in a later request use this to calculate a different parameter? The value which needs...

Last updated: May 11, 2016 01:47PM UTC | 1 Agent replies | 1 Community replies | Burp Extensions

Burp Extender socks5

I want to developer extender by jython, The Extender is port scan. I want all the traffic through socks5, How do i

Last updated: May 11, 2016 08:29AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Building a Burp Intruder extension that generates multiple payloads for a single request.

I'm working on a Burp Intruder extension for pen-testing our own custom API. As part of the protocol, a HMAC is generated by the client and added to the header, along with another custom header parameter. The body contains...

Last updated: May 11, 2016 07:12AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Burp Extension

I am trying to create a burp extension which scans for particular text in the response. Now I want this text to be dynamically defined by the user. How do I do that ? As in consider search functionality as extension...

Last updated: May 09, 2016 12:28PM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Manual Scan Issues Extension exception with Burp 1.7

java.lang.NullPointerException at burp.BurpExtender.createMenuItems(BurpExtender.java:76) at burp.nbd.a(Unknown Source) at burp.bmc.a(Unknown Source) at burp.ofc.a(Unknown Source) at burp.ofc.a(Unknown...

Last updated: Apr 26, 2016 07:38AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

extension - Burp-hash

I've been using the Burp-hash extension but its starting to be unreliable. Is anyone else getting a lot of false Issues reported with the Burp-hash extension? I get the following often and its not even valid within...

Last updated: Apr 10, 2016 08:55AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Modify Response depending on request

Hi I need to write a python extension to modify responses depending on what the actual request was. Responses coming from server may be the same for different requests (like 400 Forbidden). I am using the IProxyListener...

Last updated: Apr 08, 2016 12:35PM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

wsdler and Basic Authentication

I am using WSDLER against a web service which uses basic authentication. Even with 'Platform Authentication' enabled (Options>Connections) and the correct host/type/username/password set, attempting to parse the WSDL results...

Last updated: Apr 06, 2016 11:45AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Request/response timing

Hi, I've been playing with java api to try and extract timing info for intruder sessions. Using the custom logger as a base I'm putting the request url and current time into a map, then when a response is received looking up...

Last updated: Mar 23, 2016 09:02AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Highlighting in extension-generated IScanIssue instances

Built-in scanner issues can apply highlight to both requests and responses, however I don't see any API to do so in IScanIssue instances generated by extensions. The method getHttpMessages() returns an array of...

Last updated: Mar 18, 2016 01:25PM UTC | 1 Agent replies | 1 Community replies | Burp Extensions

Burp Extension API - list available proxy interfaces

I am writing a Burp plugin that helps with proxying devices that do not have configurable proxy settings. To do this, I have the extension intercept DNS queries and respond with an IP address that points to an already...

Last updated: Mar 14, 2016 09:06AM UTC | 2 Agent replies | 1 Community replies | Burp Extensions

Problems with availability of HashMap in doPassiveScan (noob level)

Hi, First of all sorry for this stupid noob question, but it has been driving me crazy for hours now. Why is "hostHashMap" null in "doPassiveScan"? How can I make hostHashMap available? Many thanks in...

Last updated: Mar 10, 2016 11:25AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Problem in using SQLiPy extender

Hi, I am getting Importerror while starting SQLiPy.py api. Error thrown is no module named burp. I have loaded jython stand alone jar file. Other python extender like Authorize is working fine. Please do the help.

Last updated: Mar 10, 2016 07:32AM UTC | 0 Agent replies | 0 Community replies | Burp Extensions

burp extensions using makeHttpRequest

I'm trying to create a python Burp Extension where I new to do an HTTP request. I would like to use makeHttpRequest, however I'm getting the error: "java.lang.RuntimeException: java.lang.RuntimeException: Extensions...

Last updated: Mar 01, 2016 10:25AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

Python IDE code completion

Hello, I'm trying to properly setup a Python IDE so I can start can play around and create some Burp extensions. One of the advantages of using an IDE is of course code completion. However, I can't seem to figure out how...

Last updated: Feb 23, 2016 05:52PM UTC | 0 Agent replies | 1 Community replies | Burp Extensions

Session handling in Burp extensions

Hi, I am currently implementing a specific attack with a Burp extension. Before I start the attack, I need to delete all cookies for the target domain. The attack consists of several HTTP requests. For these requests I...

Last updated: Feb 12, 2016 03:31PM UTC | 2 Agent replies | 0 Community replies | Burp Extensions

Burp Ext

When I am running burp extension, I keep on getting following errors: Scanner: Timeout in transmission from xyz.com and Proxy: No response received from remote server. Is there anything I can do resolve this error.

Last updated: Feb 09, 2016 09:54AM UTC | 1 Agent replies | 0 Community replies | Burp Extensions

NullPointerException while attempting passive or active scan from extension

Hi Team - I am using Burp Suite Pro v1.6.36 and trying to automate passive and active scanning on incoming requests via Burp proxy. I get a NullPointerException while attempting to perform a passive or active scan and...

Last updated: Feb 03, 2016 05:59PM UTC | 1 Agent replies | 1 Community replies | Burp Extensions

Page 45 of 48

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image