Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

burp_infiltrator_java

olek | Last updated: Nov 02, 2022 12:45PM UTC

hi Team Do you have any movie how to use infiltrator.I created file but this file should be insert in testing website or on my computer disk. I'm not smart person sorry.

Michelle, PortSwigger Agent | Last updated: Nov 02, 2022 03:56PM UTC

Hi I'm afraid we don't have a video about the Infiltrator tool, but you can find a description of how to use it here: https://portswigger.net/burp/documentation/infiltrator I hope this helps.

olek | Last updated: Nov 02, 2022 06:33PM UTC

Ok but machine containing the compiled application bytecode.The file should be insert where .??? in testing website ??

Michelle, PortSwigger Agent | Last updated: Nov 03, 2022 10:08AM UTC

When you use Burp Infiltrator, you run a tool that will make non-reversible changes to the application bytecode. The tool is run by the application developer or administrator on the machine that contains the application bytecode. This should not be used on production systems or any other systems where availability, performance, or correct operation is required. Burp Infiltrator makes changes to the application that may result in service outages, degraded performance, application errors, or other problems. When you use the tool, you will be prompted to enter the location for the application bytecode as one of the steps rather than placing a file in a specific location on the server. To revert the changes made by Burp Infiltrator, it will be necessary to re-deploy the application from original unmodified sources. You would also need to check whether the target application is written in one of the following, as these versions are the ones that Burp Infiltrator can support: - Java, Groovy, Scala, or other JVM languages (JRE versions 1.4 - 1.8) - C#, VB, or other .NET languages (.NET versions 2.0 to 4.5)

olek | Last updated: Nov 03, 2022 12:33PM UTC

Michelle you copy me instruction .WHY .I read it.? My question is about where This file should be insert .How this file communicate with Burp scanner .??????????

Michelle, PortSwigger Agent | Last updated: Nov 03, 2022 01:04PM UTC

Sorry I may have misunderstood your question. Can you clarify what you mean by the file?

olek | Last updated: Nov 03, 2022 01:40PM UTC

If you use thus new technology form Burp call infiltrator.Burp create file """""burp_infiltrator_java"""" Then Burp ask you where put this file on location. Where on my disc computer or on testing server . Then you start scan .How Burp communicate with this file get any Vulnerability. May you create any Movie how to use it .please????

Michelle, PortSwigger Agent | Last updated: Nov 03, 2022 02:40PM UTC

If you mean the burp_infiltrator_java.jar file, this is the file for the tool that performs the changes on the bytecode. The file should be given to the application developer or administrator, they can then run the JAR file on the server that contains the application bytecode (not on your own machine). When they run the JAR file, it will ask them a series of questions, including asking them to enter the filepath for where the target application bytecode is stored on the server. Their responses will dictate what changes are made to the code. You cannot revert the changes made to the bytecode using the tool, the application has to be re-deployed.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.