Burp Suite User Forum
Hi, Im having some issues with Burp file sizes due to extensions, but I'm confused as to the cause. I have an extension I created that is causing Burp files to balloon to 20x their normal size. As this extension makes...
I encountered an issue while attempting to install a plugin from the BApp store as the Bapp File failed to download. Interestingly, when I utilize the URL "https://portswigger-cdn.net/bappstore" in my personal browsers such...
Hi, I'm developing a Burp extension in Montoya, and I'm using the external JFreeChart library to implement some graphing functionality. I have added it as a dependency in the following way: In the project...
Hi everyone, I've just downloaded Turbo Intruder and was about to use it for the first time. I chose one of the easiest lab for this...
So, in Intruder if I load certain built in payload lists (like the SQLi one), many of the requests have an entry like "{Base}' or 1=1--", however then the request is sent to the server like: GET /example.php?id=123{Base}' or...
In newer versions of Burp, the text editor highlights the request and response. Now for extensions it would be nice to "hook" into this process or replicate it in the TextEditor. I've tried to add <html> at the start of...
Hey, I've written an extension that analyses an app's parameters. However, I come across an issue with other extensions such as log4shell everywhere adding the query parameter "action" to every request. I've played with...
Hi, I would like to inform you; we made a payment in total amount of 449,00 USD. Payment is still in process. Could you please give me contact (e-mail address) to whom I could deliver proof of made payment. Thank you in...
Dear, I want to write a burp extension in java, that will use burp scanner. Can we scan a request with specific (user defined) audit configuration in burpsuite professional. Like, extension will check if there is an id...
Hi, I hope I didn't miss it anywhere on the website, but I couldn't find how to install a local Jython extension in Burp through the Manual Install-button in the BApp Store tab. The extension runs fine in...
Hello, It was checked that Java Deserialization Extension is not working properly anymore. It does not provide correct results while scanning vulnerable to Insecure Deserialization web application. I hope someone can...
I'm trying to send a request with the following code, but getting -1. What's wrong with this workflow? TIA! HttpRequestResponse ret =...
Hello, Is there a Burpsuite API that could be used to manipulate (or just delete) a specific request/response in the proxy history tab? Appreciate your support
Hi, I'm writing an extension in Montoya. Is there a method for accessing the Extensions option you get from right clicking on a request in the proxy or repeater? I want to have the following workflow: right click a...
IScanQueueItem.getStatus returns the updated Status but IScanQueueItem.getIssues() not returning any issues of completed scans. But Burp UI shows issues in portal. Am I missing anything? I'm testing with Burp pro...
Hi team, I have a requirement wherein I want to perform active scan on requests that contain base64 encoded POST body. The entire body is base64 encoded. The body when decoded, gives JSON data. I want to write an extension...
Hi there, I have two extensions, I make a request in one of the extensions in the same extension I modify the request/response in processHttpMessage method. I can see this modified request/response in Logger correctly....
Hello! Based on the following quoted text extracted from: https://portswigger.net/burp/documentation/desktop/extensions "We review community-created extensions for security and quality before we make them available...
I'm working on a websocket extension and would like to grab the host/ip and port of the websocket server when a websocket message is received. Looking at the API it looks like this is not possible, but I'm a newb with Java...
Newb here. I figured out how to send an HTTP request using montoya but it's not registered by Proxy. Is it possible to send an HTTP request and have it registered by the Proxy tool? Can someone point me in the right...
Page 8 of 48
Your source for help and advice on all things Burp-related.