Burp Extensions - Page 46 - Burp Suite User Forum

Session handling in Burp extensions

Hi, I am currently implementing a specific attack with a Burp extension. Before I start the attack, I need to delete all cookies for the target domain. The attack consists of several HTTP requests. For these requests I...

Burp Ext

When I am running burp extension, I keep on getting following errors: Scanner: Timeout in transmission from xyz.com and Proxy: No response received from remote server. Is there anything I can do resolve this error.

NullPointerException while attempting passive or active scan from extension

Hi Team - I am using Burp Suite Pro v1.6.36 and trying to automate passive and active scanning on incoming requests via Burp proxy. I get a NullPointerException while attempting to perform a passive or active scan and...

AMF Deserialization Dispaly Tag

How to configure to see the AMF Deserialization tag in request and response. Refer :- https://www.netspi.com/DesktopModules/SunBlog/Handlers/Print.aspx?id=68 But it's showing error while I add it to burp extensio.

HTTP/2 - Upgrade Header filtered

Hi, I was experimenting with curl, sending HTTP/2 requests and realised that Burp is filtering/replacing the HTTP/2 Upgrade header since version 1.6.33. Therefore no HTTP/2 communication is established with the server. I...

Unable to intercept the web socket requests in v1.6.34

Hi, I was able to intercept & retrieve the web socket traffic in burp v1.6.31. But same traffic I'm unable to retrieve in v1.6.34. Could you please help me to resolve this issue. Thanks & Regards, Sharath

How can i modify http requests with processHttpMessage

Hello, Im using the following code to replace "ReplaceMe" string to "x" string in intruder request however response still didn't replace "ReplaceMe" string. public void processHttpMessage(String toolName, boolean...

Save and restore state of an extension

Hi! I'm working on a "Save and Restore state" for a Burp Suite plugin. The state must contain also some IHttpRequestResponsePersisted. My idea was to save host, port, protocol, request bytes and response bytes and then...

Bapp Extension Signature

When installing a Burp extension from the Bapp Store I see a "BappSignature.sig" file is part of the install. I assume this is a Bapp Store generated digital signature of the extender package and is checked by Burpsuite when...

Extract Response Message Body

Hey , I am making my first extension using Java in NetBeans, and I need to extract the message from the Response so that I can perform my operations over it. But after checking the examples and other javadocs , I was...

Customizing my TAB

Hey, I was writing my first extension with the aim to encrypt the selected responses to md5/sha1/etc based on user selection. Based on the custom logger extension example in the blog, I made my new tab with display and...

start burp remotely with Remote procedure call (windows)

Hi, We need to start burp on a windows server remotely using Remote procedure call. We also need the burp started with an extension loaded. Since we are not able to specify an extension on command line, we start burp...

start burp from perl script

Hi, I try to start burp from a simple PERL script. Then do some tests after burp starts. my $cmd = "java -Xmx1g -Djava.awt.headless=true -jar \"c:\\BURP\\burpsuite_free_v1.6.30.jar \" 1> null 2>&1"; print "start...

NotImplementedError with latest Jython release

The following change for the latest Jython release might break some UI-centric extensions: "Abstract methods of an inherited class or interface from Java now raise NotImplementedError, instead of returning None (in Java,...

IExtensionHelpers.makeHttpRequest() with cookies

It appears that IExtensionHelpers.makeHttpRequest(URL) does not include session cookies in the resulting request. How can I construct a GET request that includes the session cookies? Is there a helper method to get all...

Scanner vs processHttpMessage (python)

Dear All, I have the following processHttpMessage() function to modify the scanner requests and check SQLi: def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo): # only process requests ...

Jython Error for Burp Extension

Hey, I am trying to configure the jython api for Burp Suite and I am getting the following error. Does anyone know what I can do to fix this? root@osboxes:~/jython-burp-api# java -jar jython.jar -Dpython.path=Lib/ run.py...

getComment() not returning comment

Hey, I've wanted to read the comment of a request/response object. I'm using Jython and Java8. It's an implementation of a passive scanner, and the way I wanted to access: self._requestResponse.getComment() If I...

Extender API broken link

Hi, the extender page (https://portswigger.net/burp/extender/) has a link to a 2012 post titled "Writing your first Burp Suite extension" at http://blog.portswigger.net/2012/12/writing-your-first-burp-extension.html which...

makeHttpRequest is very slow

Hi all, I'm writing an extension that aims at sending many requests from multiple sessions of different users. Currently, I'm using callbacks.makeHttpRequest(...) to send requests but that method takes a very long time...