Burp Extensions - Page 46 - Burp Suite User Forum

decoding/encoding http request

Hello, I want to use following request to send it to the server!. /**********************************************/ POST /vaadin_vulnerabilities/UIDL/?v-uiId=2 HTTP/1.1 Host: localhost:8080 User-Agent: Mozilla/5.0...

Issues running any Ruby dependent extension

I'm trying to run Buby on my MacBook Pro Burp Pro. When trying to load the extension, I get the following error: LoadError: no such file to load -- pp require at org/jruby/RubyKernel.java:1040 (root) at...

TEst

'><svg/onload=alert(9)>

Intruder/Payload pattern-matching algorithms

Hello everyone, I have to "copy" some of the functionalities within burp for writing my own extension. This includes the "Intruder" tab aswell. To be honest the "Intruder" tab in burp is really really amazing. It...

IHttpRequestResponse - setRequest(byte[] message)

I am currently working on writing my own extension for burp suite: I get an exception when using the "setRequest(byte[] message)"from the IHttpRequestResponse interface, which looks...

Debug Java-Project

Hello, I am writing my own extension for burp and I was wondering if someone could tell me, if there is a way I can use the debug mode in my eclipse project to detect bugs etc.? The current situation is that whenever...

Problem with IScanIssue getHttpMessages()

I have users reporting issues with an extension that was working fine in 1.6x but is having a problem in 1.7.04 (I did not try with any earlier 1.7x release). The root cause is that the IScanIssue getHttpMessages() method...

Modifying message

Hi, I,m writing an extension which decrypt requests and responses and send it to Proxy-Intercept tab. So, I want to modify this message,ecrypt it and send forward, but message what is modified will not changed. In example...

Burp scanner: how to add support for csrf tokens

I'm having an issue with the Burp Scanner: when anti-csrf tokens are present, it seems the scanner cannot handle it and it faild to perform active/passive scans. Would it be possible through Burp Extension capabilities to...

Burp Suite 1.7 and carbonator

Hi, we were using Burp Suite Pro with Carbonator extension for a long before and it was working well as we have automated scans by launching it from command line. From version 1.7 we had to make some changes in script,...

applyMarker in Ruby - java Class Cast Exception

I am using Ruby to develop an extender, that do passive scan for a particular string in response. Everything is working fine apart from applyMarkers. When applyMarkers method is called I am receive the below error. Any Idea...

makeHttpRequest (timeout)

Hi, I am creating a Burp extension which is using the makeHttpRequest functionality in order to send some requests, but I would like to assign a maximum timeout to these request. Some of them could not have a...

Potentially misconfigured headers from extension "Header Analyzer"

The "Header Analyzer" extension reports the following issue: Potentially misconfigured headers: Header name: x-xss-protection. Header value: 1; mode=block My response contains this header: X-XSS-Protection: 1;...

Why Burp asks to activate license when starting by cmd.exe

Hi all, I met a problem with Burp. I developed a java extension to launch burp in cmd.exe. I wrote a .bat file and call it by Java Runtime. It asks me to activate the license again. If I open the .bat file directly, it...

Forcing Burp to open w/ scanner unpaused?

Is is possible to force Burp to open in a state which scans are forcibly unpaused? I'm working on a project where we call doActiveScans() to a single entry from getProxyHistory(), and upon clicking on the "Scanner" tab, the...

How to enable SQLiPy on Burp

I have added SQLiPy on Burp and I can see the tab too however I am not sure what to be added in the proxy and port to start it. Even when I tried adding it with my PC's proxy nothing is happening when I click on Start...

Stop scanning form API call

Hi, Is there any API to stop scanning and start scanning. I want to stop scanning when session is invalidated and resume on proper sessions. How can I achieve this. Regards, Sid

Modifying message before intercepting

Hi, I'm writing an extension which uses processProxyMessage() to modify the targets and bodies of various requests in various ways. For certain requests, I use message.setInterceptAction(ACTION_DO_INTERCEPT) to have the...

SQLPy Extension

Hi I cannot find the START SCAN button on the new version of SQLPy extension. Please help.

Spider treating active scan URLs with injected parameter queries as new urls to spider.

I built an extension that successfully spiders the application, but I have a problem where when active scanning starts in earnest, eventually it starts adding injected URLs into the scanning scope, thus duplicated the amount...