Burp Extensions - Page 7 - Burp Suite User Forum

I get an error when calling the library from pyscripterer.

Hi. To use the parse library in pyscripterer, I went to python3 site_package and put the library in the loading modules option in Options>Settings. After that, when I load it with from parse import parse_qs, the following...

Burp Suite Community Edition Error Unknown host: portswigger.net

Hey team, Whaen i want to do some problem solve in portswage and open burp suit.Then the website give me Error.something like this:- Burp Suite Community Edition Error Unknown host: portswigger.net

Showing included libraries

Hi, burp uses a number of external libraries, for example bouncycastle. Why do you not publish which library and version is being used within burp, so that I can just re-use those libraries instead of having to add...

Multiple extensions give me a java error

Hi all, I use the latest version of Burp Professional on macOS Ventura. I notice that since yesterday some extensions don't work anymore and give me this error: Header Analyzer: at...

License Activation Error

I have reinstalled my kali linux and now when I tried to activate my Burp Suite Professional license it says "No more activations allowed for this license" error. Could you help me on this issue.

Cross-site scripting (DOM-based) - data is read from window.location.href and passed to $()

I'm getting the following error "The application may be vulnerable to DOM-based cross-site scripting. Data is read from window.location.href and passed to $()." My code looks like this let url =...

Turbo Intruder with Session Handling Rules

Hello to all, I'm trying to learn turbo intruder. I created session handling rules for 2FA lab to get CSRF tokens like: get /login post /login post /login2 every time I use repeater or intruder my session handling...

Batch Scan Report Generator - faild to create reports

After the new Burp Professional upgrade version 2022.9.5, Batch Scan Report Generator is failling to create reports. The plugin print the message "Report Generation Complete!" but it it doesn't saved the report to the...

Custom extension not marking requests as "Edited"

I've made an extension in Python that generates and inserts a custom header into all HTTP requests, and it works as-in the custom header is added correctly, but the requests do not have an Edited and Original version. All I...

Macro Items Returning Null

I'm trying to create a Burp Extension that uses values retrieved from a macro, however, macroItems[0].getResponse() returns null. Has anyone come across this error? If so, do you know how to fix it in python? I'm running...

Montoya API - Custom Scanner Check

Hi! Thanks for creating a new Burp Extension API, I am testing the new Montoya API to create a plugin with a custom scanner check. For this I used the ScanCheck interface and within the activeAudit function I would have...

Java Deserialization Scanner

Hello, It was checked that Java Deserialization Extension is not working properly anymore. It does not provide correct results while scanning vulnerable to Insecure Deserialization web application. I hope someone can...

no improvement with turbo intruder

Hi I'm doing SQL conditional lab, and I don't see and improvement with the turbo intruder. It's still very slow, especially after 100 requests or so. Are the labs throttled? Also I tried getting latest burp edition just to...

Chrome's Dom Invader buggy on sites protected by recaptcha

Hello, I am trying to use Dom Invader in order to find DOM XSS vulnerabilities on a website that is protected by google recaptcha. As soon as I enable DOM invader, I am getting logged out and when I try to log in it...

Hash lookup

Hi all, Sometimes I have a hash and want to reverse it to find the original text and the used hash algorithm. I want to ask if there is any extension that performs hash lookup. Thanks

BurnSuite website SSL error

I have configured Firefox to used Burp as proxy and everything works fine, except for one website. At the first "get request" everything works as it should be, that is, passed the traffic to burp and then i forwarded it....

Carbonator : No HTTPS traffic

I have configured carbonator and I am running the following command java -jar -Xmx2g -Djava.awt.headless=true /home/webscanner/BurpSuitePro/burpsuite_pro.jar https example.com 443 / --user-config-file=Config/userNew.json...

Burp wasn't intercepting localhost in brave browser

I'm using brave browser and wasn't able to intercept traffic in localhost anyone knows any fix on this? Thank you! - Certificate is okay - Other sites was intercepted

Email regard

Hi Team, I set up email notification in Burpsuit. when the site is scanning I want to get report by mail. I am receiving summary report but i want to get detailed report how to setup to get detailed report.

[Param Miner] Cachebuster in the User-Agent headers causes CloudFlare 403 block

Param miner automatically adds a cache buster to the user-agent, this gets blocked by CloudFlare. I've attempted everything, please how can I stop this behaviour??? Is there a workaround ???