Burp Extensions - Page 8 - Burp Suite User Forum

Burp File Size - Extension data vs Persistence

Hi, Im having some issues with Burp file sizes due to extensions, but I'm confused as to the cause. I have an extension I created that is causing Burp files to balloon to 20x their normal size. As this extension makes...

Failed to download Bapp File

I encountered an issue while attempting to install a plugin from the BApp store as the Bapp File failed to download. Interestingly, when I utilize the URL "https://portswigger-cdn.net/bappstore" in my personal browsers such...

Importing external JFreeChart library - ClassNotFoundException

Hi, I'm developing a Burp extension in Montoya, and I'm using the external JFreeChart library to implement some graphing functionality. I have added it as a dependency in the following way: In the project...

Turbo Intruder error

Hi everyone, I've just downloaded Turbo Intruder and was about to use it for the first time. I chose one of the easiest lab for this...

Why do my built in lists in Burp have {Base} in the payload and how do I use them?

So, in Intruder if I load certain built in payload lists (like the SQLi one), many of the requests have an entry like "{Base}' or 1=1--", however then the request is sent to the server like: GET /example.php?id=123{Base}' or...

Highlighting in the Text Editor

In newer versions of Burp, the text editor highlights the request and response. Now for extensions it would be nice to "hook" into this process or replicate it in the TextEditor. I've tried to add <html> at the start of...

Other Extension interference

Hey, I've written an extension that analyses an app's parameters. However, I come across an issue with other extensions such as log4shell everywhere adding the query parameter "action" to every request. I've played with...

Confirmation of payment for extension of license

Hi, I would like to inform you; we made a payment in total amount of 449,00 USD. Payment is still in process. Could you please give me contact (e-mail address) to whom I could deliver proof of made payment. Thank you in...

Burp Automation - Scanning for specific vulnerability

Dear, I want to write a burp extension in java, that will use burp scanner. Can we scan a request with specific (user defined) audit configuration in burpsuite professional. Like, extension will check if there is an id...

Manual Install of Burp Extension

Hi, I hope I didn't miss it anywhere on the website, but I couldn't find how to install a local Jython extension in Burp through the Manual Install-button in the BApp Store tab. The extension runs fine in...

Java Deserialization Scanner

Hello, It was checked that Java Deserialization Extension is not working properly anymore. It does not provide correct results while scanning vulnerable to Insecure Deserialization web application. I hope someone can...

Sending Request Montoya

I'm trying to send a request with the following code, but getting -1. What's wrong with this workflow? TIA! HttpRequestResponse ret =...

Delete specific request from Burp's proxy history using my custom plugin

Hello, Is there a Burpsuite API that could be used to manipulate (or just delete) a specific request/response in the proxy history tab? Appreciate your support

Send HTTP request to extension?

Hi, I'm writing an extension in Montoya. Is there a method for accessing the Extensions option you get from right clicking on a request in the proxy or repeater? I want to have the following workflow: right click a...

IScanQueueItem.getIssues() not returning issues

IScanQueueItem.getStatus returns the updated Status but IScanQueueItem.getIssues() not returning any issues of completed scans. But Burp UI shows issues in portal. Am I missing anything? I'm testing with Burp pro...

Decode Base64 Post body for Scanner

Hi team, I have a requirement wherein I want to perform active scan on requests that contain base64 encoded POST body. The entire body is base64 encoded. The body when decoded, gives JSON data. I want to write an extension...

See modified Request in Extension

Hi there, I have two extensions, I make a request in one of the extensions in the same extension I modify the request/response in processHttpMessage method. I can see this modified request/response in Logger correctly....

Requesting more details on security reviews executed by PortSwigger on BappStore extensions

Hello! Based on the following quoted text extracted from: https://portswigger.net/burp/documentation/desktop/extensions "We review community-created extensions for security and quality before we make them available...

Get Websocket Server IP

I'm working on a websocket extension and would like to grab the host/ip and port of the websocket server when a websocket message is received. Looking at the API it looks like this is not possible, but I'm a newb with Java...

HttpRequest.httpRequest() to Proxy?

Newb here. I figured out how to send an HTTP request using montoya but it's not registered by Proxy. Is it possible to send an HTTP request and have it registered by the Proxy tool? Can someone point me in the right...