Burp Extensions - Page 5 - Burp Suite User Forum

Active Scan++: Applinks in /.well-known/apple-app-site-association identified as Issue

Hi, this Burp extension is identifying as an issue that the file: /.well-known/apple-app-site-association is containing 'applinks', which is indeed the goal of such file. In the issue detail there is an "interesting"...

InQL Extension Loading Error

I am trying to Install InQL Extension on Burp following these instructions (https://github.com/portswigger/inql): To use inql in Burp Suite, import the Python extension: Download the Jython Jar Start Burp Suite Extender...

I get an error when calling the library from pyscripterer.

Hi. To use the parse library in pyscripterer, I went to python3 site_package and put the library in the loading modules option in Options>Settings. After that, when I load it with from parse import parse_qs, the following...

Burp Suite Community Edition Error Unknown host: portswigger.net

Hey team, Whaen i want to do some problem solve in portswage and open burp suit.Then the website give me Error.something like this:- Burp Suite Community Edition Error Unknown host: portswigger.net

Showing included libraries

Hi, burp uses a number of external libraries, for example bouncycastle. Why do you not publish which library and version is being used within burp, so that I can just re-use those libraries instead of having to add...

Multiple extensions give me a java error

Hi all, I use the latest version of Burp Professional on macOS Ventura. I notice that since yesterday some extensions don't work anymore and give me this error: Header Analyzer: at...

License Activation Error

I have reinstalled my kali linux and now when I tried to activate my Burp Suite Professional license it says "No more activations allowed for this license" error. Could you help me on this issue.

Cross-site scripting (DOM-based) - data is read from window.location.href and passed to $()

I'm getting the following error "The application may be vulnerable to DOM-based cross-site scripting. Data is read from window.location.href and passed to $()." My code looks like this let url =...

Turbo Intruder with Session Handling Rules

Hello to all, I'm trying to learn turbo intruder. I created session handling rules for 2FA lab to get CSRF tokens like: get /login post /login post /login2 every time I use repeater or intruder my session handling...

Batch Scan Report Generator - faild to create reports

After the new Burp Professional upgrade version 2022.9.5, Batch Scan Report Generator is failling to create reports. The plugin print the message "Report Generation Complete!" but it it doesn't saved the report to the...

Custom extension not marking requests as "Edited"

I've made an extension in Python that generates and inserts a custom header into all HTTP requests, and it works as-in the custom header is added correctly, but the requests do not have an Edited and Original version. All I...

Macro Items Returning Null

I'm trying to create a Burp Extension that uses values retrieved from a macro, however, macroItems[0].getResponse() returns null. Has anyone come across this error? If so, do you know how to fix it in python? I'm running...

Montoya API - Custom Scanner Check

Hi! Thanks for creating a new Burp Extension API, I am testing the new Montoya API to create a plugin with a custom scanner check. For this I used the ScanCheck interface and within the activeAudit function I would have...

My Burp extension stopped working since the latest Burp update

Hi - since I last updated by Burp, I'm getting a new error when trying to load a custom burp extension: java.lang.Exception: Extension class is not a recognized type at burp.u2_.J(Unknown Source) at...

I cannot install Autorize extension from BApp

Hi currently I am enrolling in a API Security course. I am in a setup lab stage and it requires extension named Autorize. I already followed all the steps including put the stand along jython installer .jar file in python...

Java Deserialization Scanner

Hello, It was checked that Java Deserialization Extension is not working properly anymore. It does not provide correct results while scanning vulnerable to Insecure Deserialization web application. I hope someone can...

no improvement with turbo intruder

Hi I'm doing SQL conditional lab, and I don't see and improvement with the turbo intruder. It's still very slow, especially after 100 requests or so. Are the labs throttled? Also I tried getting latest burp edition just to...

Chrome's Dom Invader buggy on sites protected by recaptcha

Hello, I am trying to use Dom Invader in order to find DOM XSS vulnerabilities on a website that is protected by google recaptcha. As soon as I enable DOM invader, I am getting logged out and when I try to log in it...

Hash lookup

Hi all, Sometimes I have a hash and want to reverse it to find the original text and the used hash algorithm. I want to ask if there is any extension that performs hash lookup. Thanks

BurnSuite website SSL error

I have configured Firefox to used Burp as proxy and everything works fine, except for one website. At the first "get request" everything works as it should be, that is, passed the traffic to burp and then i forwarded it....