Burp Extensions

Python extension import package error

Hello, I've run into an application that AES encrypts the body of HTTP requests and responses, I am writing an extension to decrypt and encrypt the payloads. I am writing the extension in Python and I receive an error...

Burp Extension + UpStream Proxy SLOWWWW

Hi all, I created a burp extension that decrypts AES traffic. The infrastructure I am testing is in such way that all requests' payloads are being encrypted with AES. In order to work around this, I am sending the...

Is it possible to retrieve the path of the currently open project?

I would like to retrieve the path of the currently open Burp Project to reference some resource on the filesystem relative to the project directory. I am unable to find a suitable API to do this in the documentation. Is...

when I install a python extender(burpsmartbuster), it points out that "failed to load bapp"

I have already install jython.jar file(2.7,the file has been selected in options) and python(but i have two versions of python and both of them is system variables) the error messages is...

Request interception

Hi there, I'm aware that if you register a IHttpListener you are able to intercept requests before they are sent out. Is it also possible to intercept a request prior to assigning it a tool, for example, the...

Method to Pause/Unpause Scanner

Does the API include methods for an extension to pause and unpause the scanner? I have searched the Javadocs but didn't find any. My scenario is an extension that implements ISessionHandlingAction to re-login the user...

Unable to edit the content headers

What is wrong in the below code ? I do not see the request getting edited as I don't find the 'Edited Request' tab at all: package burp; import java.io.PrintWriter; import java.util.List; public class BurpExtender...

Session dies while scanning

Guys, I have this very general problem. I did a search across the google, but did not find a proper solution. This is what I have done: I have created a session validation under Projects->Sessions Under that, I have a...

System.exit() kills Burp

I'm building an extension that will call a Java command line program from within Burp (by calling the main() method). Unfortunately, when the command line tool finishes, it calls System.exit(0); which doesn't just kill the...

Burp Fails to add Jython.jar

I downloaded and installed Jython-2.7.0 following the link provided by Burp. I try to add this one to Burp and facing the error message: java.lang.ClassNotFoundException: burp.BurpExtender at...

Output in the UI

This is my code: package burp; import java.io.PrintWriter; import java.util.List; public class BurpExtender implements IBurpExtender, IHttpListener, IProxyListener { // // implement IBurpExtender ...

Sending an unmodified and a modified HTTP request

I am trying to write an extension that when the user makes a request the extension will send two requests, an unmodified request so that the browser will load normally and one where a parameter is added at the end of the URL...

BURP CI Driver

hi, i downloaded Burp CI driver that provides a command-line interface for use by any CI platform. but not able to execute any commands using the jar file also could not find any source in google. could any one suggest...

Scanning a site with basic authorization (Burp suite enterprise Rest API)

Hello. I want to scan sites where basic authorization is installed. What tokens can I use in building a curl request for basic authorization? curl -vgw "\n" -X POST 'http://burp.link.to.rest.api/v0.1/scan' -d '{ (???basic...

ci integration with burp suite

Hi team, Our company recently bought professional burp suite. We need to integrate the burp suite and Jenkins. I want to know how the reports will be generated and send to us, as we don't have access to Jenkins. What...

Issue in loading jython files to burp

hello, I am seeing errors when I try to load burp extensions jython format, below is the error I see: java.lang.Exception: Failed to load Python interpreter from Jython JAR file at burp.cs3.<init>(Unknown...

how to pass a file with URLS to SSLScanner

Hi fellow Burp suite users, I am using the SSL Scanner extension with Burp Suite and I wander if anyone has a script that can read a list of URLs from a file and then pass one item at a time to the SSL Scanner, run the...

how to start burp with specific extension loaded?

Hi, I am doing burp automation test. I would like to know if there is a way to start burp with a specific extension loaded. I noticed that burp will start with the last configuration used. Is there a configuration file that...

What class/parameter makes the extensions be part of the scanner "Follow redirection when necessary"

Hi guys, I have an extension here and I am looking for a reflective value, although when I look at flow or logger++ the 302 is hit but never followed after the POST. Is there a special trick to have the extension...

Auditing not calling doActiveScan(...) method via Extensibility API

Hi folks, I am currently trying to learn the Burp Extensibility API using this example (in Java); https://github.com/PortSwigger/example-scanner-checks and getting stuck with something. With latest Beta version of...