Burp Suite User Forum

Burp Enterprise Extension Development Environment

Rémi | Last updated: Dec 21, 2022 10:10AM UTC

Hello! I would like to develop a custom BurpSuite Enterprise Extension in Java but I encounter some issues using my JAR file. It is successfully loaded in Burp but fails to run when I launch a new scan using it.

I have seen that one of your colleagues on GitHub (https://github.com/Hannah-PortSwigger) seems to be developing extensions using a slightly different environment from what is described on the Extensibility page (https://portswigger.net/burp/extender/writing-your-first-burp-suite-extension). Could you please provide me with more detailed information regarding the exact environment needed to develop extensions, the version requirements for Java, ...?

I am aware of an oncoming Declarative Scan Check feature that should be made available shortly but I want to develop extensions by myself to answer my exact business needs :)

Best Regards, Rémi

Liam, PortSwigger Agent | Last updated: Dec 21, 2022 11:01AM UTC

Thanks for your message, Rémi.

It looks like you are looking at our old guide (we've stopped linking to this on our website). You can access our new docs here - https://portswigger.net/burp/documentation/desktop/extensions

We can provide the following guidance for Burp Suite Enterprise extensions:

- Must be written in Java
- Cannot contain UI/interactable components. When running in a Scanning machine, you will not be able to modify the extension
- Cannot use tools that do not exist in Enterprise. For example, Enterprise does not have manual testing tools, so utilizing Intruder functionality through extensions would not work. Some areas are still accessible, like the site map, HTTP listeners, and any scan-related extension functionality

Burp Suite Enterprise and Burp Suite Professional share core functionality, but this is strictly concerning Burp Scanner (i.e., scan checks and scanner-related functions), so any Burp Suite Professional extensions that relate to the Burp Scanner will be the easiest to translate across to Burp Suite Enterprise.

Please let us know if you need any further assistance.

Rémi | Last updated: Dec 21, 2022 08:15PM UTC

Thank you for your response. I corrected my .java file based on what you provided me but I am still encountering issues with the creation of an acceptable JAR file. As I believe you developed some extensions internally, could you please provide me with some insights on your environment? I can provide you with my .jar file for you to take a look at if you want to.

Liam, PortSwigger Agent | Last updated: Dec 22, 2022 01:35PM UTC

Hi Remi, thank you for following up. Could you clarify exactly what you mean by our "environment"?

Rémi | Last updated: Dec 23, 2022 08:16AM UTC

Hi, I meant the development environment that your team uses to create custom Burp Enterprise extensions (Java IDE, version, Gradle/Maven, ...) as well as additional information regarding how you create JAR files compatible with Burp Extension.

Liam, PortSwigger Agent | Last updated: Dec 23, 2022 11:57AM UTC

Hi Remi. I'll email you regarding the IDE.

Are you looking for Java-based extensions that are compatible with Burp Enterprise? Here is an example of an extension compatible with BSEE - https://github.com/silentsignal/burp-log4shell.

You can sort the extensions by their compatibility with BSEE on our BApp store page - https://portswigger.net/bappstore

This page is a great place to start if you are looking to create your own custom extensions - https://portswigger.net/burp/documentation/desktop/extensions/creating

Please let us know if you need any further assistance.

Rémi | Last updated: Jan 02, 2023 02:50PM UTC

Hello,

Given the issues I had with developing my own extension, I wondered whether the issue was on my side or on the Burp Enterprise side. I downloaded the .bapp of the HTTPoxy Scanner available on your Extension store (https://portswigger.net/bappstore/9c9877825cbd428bab27a25d0ea17178) and loaded it into Burp Enterprise. Using this extension in a new scan, I encountered the same issue as with my own (see picture https://imgur.com/a/b9TeQai).

Could you please provide me with support regarding this issue, as it seems that Burp Enterprise does not support ANY extension on my side.

For troubleshooting purposes, it should be noted that Burp Community/Pro were also installed in parallel with Burp Enterprise.

Hannah, PortSwigger Agent | Last updated: Jan 03, 2023 11:32AM UTC

Hi,

Could you send us the scan debug log for your failing scan? You can drop us an email at support@portswigger.net.

Is this a recent installation of Burp Suite Enterprise, or has the installation been running for a while, undergoing upgrades?