Burp Extensions - Page 49 - Burp Suite User Forum

Scanner vs processHttpMessage (python)

Dear All, I have the following processHttpMessage() function to modify the scanner requests and check SQLi: def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo): # only process requests ...

Jython Error for Burp Extension

Hey, I am trying to configure the jython api for Burp Suite and I am getting the following error. Does anyone know what I can do to fix this? root@osboxes:~/jython-burp-api# java -jar jython.jar -Dpython.path=Lib/ run.py...

getComment() not returning comment

Hey, I've wanted to read the comment of a request/response object. I'm using Jython and Java8. It's an implementation of a passive scanner, and the way I wanted to access: self._requestResponse.getComment() If I...

Extender API broken link

Hi, the extender page (https://portswigger.net/burp/extender/) has a link to a 2012 post titled "Writing your first Burp Suite extension" at http://blog.portswigger.net/2012/12/writing-your-first-burp-extension.html which...

makeHttpRequest is very slow

Hi all, I'm writing an extension that aims at sending many requests from multiple sessions of different users. Currently, I'm using callbacks.makeHttpRequest(...) to send requests but that method takes a very long time...

Intruder view original payload in the results

Hello! How can i do to view original payload in the results table intruder, before Processing payload rules. I try to do this: [code="python"] def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo): ...

Highlight a tab

Is it possible to highlight an extension tab? When you do "Send to repeater" the repeater tab is highlighted. I'm working on a reporting extension, and I've added "Send to report" to the context menu. I'd like it to...

How do I Set a Token in URL Directory.

Hi, I want to set a token in URL Directory. And, I use macro. so I want to custmize Macro (on Intruder). Test Site has a Token in URL directory, don't have a url parameter. (Exp....

Adding GetSiteMap() to Carbonator

I'm attempting to add to the carbonator extension a method for extracting the sitemap URLs into a text file. The code I have written so far is below, and the output I get is 'array(burp.IHttpRequestResponse)'. I know I need...

Portable Burp Suite: Windows Auto Start Script

This script will automatically run the latest burp Jar and set java home path for portable installs :) @echo off echo this includes: echo portable java 8 64bit echo python support in burp echo CO2 and Logger++ echo...

How to change proxy by an extension when using intruder

Hello there. I posted a question( http://forum.portswigger.net/thread/1646/change-upstream-proxy-extension ) on forum not long ago, and developer gave me a rather primitive but direct recommendation. Actually, I toke...

burp hangs while shell command completes

Hello, I have an extension which calls a shell command that takes a bit to complete. After invoking this from the context menu, burpsuite hangs and resumes after the command completes. I have tried using threading to avoid...

The scanner report size is not consistant for the same web site.

Hi we have a job (scheduled to run once a day) that invokes BURP (with carbonator extension) through cammand line. this setup is been working for quite a while. when we look at scanner reports we see that some days it is...

How to send a post request?

I read the document and know that we could use `makeHttpRequest` to send request. I've tried that if I used `PARAM_URL`, it success. I've read this thread...

How Does Burp Handle Responses?

Hi, I hope this is not a duplicate question, but I couldn't find the response to it. I wonder if it is worth checking if the response I'm analyzing for the PDF Metadata Extension is actually a PDF file before reading the...

How to transfer some domain’s requests to my server?

I use Burpsuite as a proxy, and I want to collect all the requests of some domain, then send these requests to my server . For example, I want to collect all the requests of [target.com]. When a request like below come...

Running automated scans with Carbonator

We installed Carbonator from within the Burp scanner under the BApp store and ran the following command for as a test: java -jar Xmx2g c:\Users\Desktop\Burpsuite_pro_v1.6..21.jar https://www.google.com. We received the...

Re-writing responses

I am trying to write my first extension to add a csp header to the response. I have found several articles about adding headers to the requests but none for responses. This if my first try, which does not work. Any pointers...

Request and response time API must be implemented for logging functionality.

I have asked in Burp Suite User Forum about "Accessing the response time" for long time ago, and I am waiting for 1.5 years approximately, regarding to http://forum.portswigger.net/thread/686/accessing-response-time...

Adding POST request to site map also adds a GET for same URL

I have a simple class that implements IHttpRequestResponse and IHttpService. I use it to construct a IHttpRequestResponse object that is ultimately added to the site map using IBurpExtenderCallbacks#addToSiteMap. When...