Burp Extensions - Page 5 - Burp Suite User Forum

Sending Request using Montoya API

Hi Guys, Sending requests using the Montoya API based on examples is to use the following : ``` api.http().sendRequest(request2Send) ``` However, when I attempted to send a request, I get the following error...

missing HttpParameterType PATH

Hello, Why is there no PATH HttpParameterType in the montoya API? Is is meant to be included in the URL HttpParameterType?

Unable to access labs, getting 404 Not Found

Today, I am unable to access labs through burpsuit proxy. Yesterday, I was able to access it without any issues. I tried with chrome and mozilla firefox, Both showing 404-Not Found responses for all labs. My Mozilla Firefox...

Montoya API Documentation is not inline with the Montoya test extension

Dear all, I am looking to the Montoya test extension from here:...

Param Miner Rate Limit

Is there a way to rate limit the Param Miner extension when it is installed in Burp Community? You cannot use the Distribute Damage extension for this purpose as it cannot be installed in Burp Community.

I cannot install Hackvertor

I am doing this lab SQL injection with filter bypass via XML encoding. You recommend to install Hackvertor. I cannot install Hackvertor. It says installing and it stays in grey. Please help. Are there another...

Want to View Requests and Responses Simultaneously in Intruder

I've managed to view both requests and responses simultaneously using the following code, but it becomes cumbersome when redirects occur, as it doesn't display the initial request and response. Is it possible to develop an...

Ignore Macro for certain scan

I am currently working on developing a Python extension for active scanning. This extension has the ability to perform various types of scans, and as long as the user has configured macros, there are no issues with the...

Which extensions to use?

I want to perform basic vapt scanning on a domain or subdomains. So which are all the extensions that i can use for basic scanning.

Dynamically inserting client certificate

I've created a python extension to scan replies from a certain url for a certificate, and then save it to disk and run a command to convert it to pfx. This all works, I can then manually load it into the Project Options ->...

Cannot clean up configuration

Hi - I added the reshaper BApp, played around with it, and added a Rule for WebSockets containing an "unacceptable code point '–' (0x96)". Now on Loading the extension again (auto on startup or manually) I get an Error...

Extension driven passive audit

I have recently started seeing "Extension driven passive audit" automatically get created while I am testing. I checked the forums and prior release notes and didn't see any good answers to my questions. So here they...

gradlew error - HTTP Request Smuggler

Hi portswigger, When i run this command(gradlew.bat build fatjar or ./gradlew build fatjar), I get this erorr: ``` C:\Users\xxx\Desktop\http-request-smuggler-75a40815a944391bfbefe9c8b70faec1fae3ea21>gradlew.bat build...

Calling Logger through Montoya?

Hey there, I'm trying to create an extension which has a listener attached to the Burp Logger. Every time new requests/responses are logged, the extension will look through the new requests/responses and save the...

Montaya extension examples

For the old API (weiner) there was example in java, python and ruby. For the new montaya API there are only examples in java. Please add examples in python and ruby too.

Python Extension Loading Errors

I'm encountering this issue with all Python extensions from the BApp store and my personal extensions. This started to happen after a burp update at some point. I'm currently running 2023.10.3.4 but this started to happen...

HTTP Request Smuggler CLI

Hello portswigger, I want to use the HTTP Request Smuggler extender as cli, how can I do it? Regards.

Multiple IMessageEditorTab

I am working on creating two IMessageEditorTabs, one for requests and the other for responses. I know that I could use just one IMessageEditorTab and check whether the message is a request or response inside it. However, I...

Log4jShell scanner removed? Does Active scan++ supports Log4jshell?

Hi, Any reason why Log4jShell scanner extension is removed from BApp Store? Also, since Log4jShell scanner removed, does for all the below variants are supported by Active scan++ Feature Log4Shell scanner (this...

I can't install Highlighter and Extractor extension

Hi! I have a problem with the "Highlighter and Extractor" extension, it happens that when I want to install it from the BApp Store or manually, it gives me the following error: java.lang.Exception: Extension class is not...