Burp Suite User Forum

Create new post

Burpsuite Extension Reshaper and Custom Send To doesn't work

Chim | Last updated: Oct 15, 2023 11:40PM UTC

I am trying to run a Linux command within Burp Suite. First, I tried to use the Reshaper Extension to "Run Process" as a command line in Linux. Please see my setup below: When: Event Direction: Request Then: Run Process: Command: sh -c 'Nordvpn -c' I even tried to run the script but it doesn't work as well. Therefore, I tried to run this thru Custom Send To Extension. But the extension does not work either. It doesn't work with any command. Please see attached. When tried to execute the command it showed a popup error message "There was an unknown error during command execution". Please help! What is the best way to run a command line within Burpsuite now? What

Hannah, PortSwigger Agent | Last updated: Oct 16, 2023 02:06PM UTC

Hi Have you tried getting in contact with the extension author? You can raise an issue on the repository for Reshaper here: https://github.com/synfron/ReshaperForBurp/issues

Chim | Last updated: Oct 16, 2023 03:53PM UTC

I did. But they haven't reply yet. Do you have any suggestion in the meantime? Is there anyway to run or call a command line within Burp Suite?

Hannah, PortSwigger Agent | Last updated: Oct 17, 2023 09:22AM UTC

Can you explain a bit more about what you are trying to do with the command line? If you're trying to connect to NordVPN, you shouldn't need to use a command. Instead, it looks like you should be able to connect directly to the VPN from Burp using a SOCKS proxy. I found the following documentation from NordVPN about connecting via proxy: https://support.nordvpn.com/Connectivity/Proxy/ Whilst there isn't a generic example, the basic outline of the steps for the different examples is roughly the same. In Burp, you can get to the SOCKS proxy configuration by going to "Settings > Network > Connections > SOCKS proxy".

Chim | Last updated: Oct 17, 2023 09:51PM UTC

I am trying to rotating the proxy by invoking a command line in Linux because the target website kept on blocking the ip address. I tried to use the IP Rotator extension but it doesn't work out since IP Rotator will change the IP address on "each" connection. I am currently use several macros to complete the Pentest. I need to have IP address staying the same thru out the macros and sessions. I only need it to change when a new Pay Load started. Do you have any suggestion to work around this? Thanks

Hannah, PortSwigger Agent | Last updated: Oct 18, 2023 04:13PM UTC

Hi It may be possible for you to adjust the IP Rotate extension so that only after your Intruder payload is sent, the IP address rotates. This extension is written in Python/Jython, so shouldn't be too difficult to modify. The logic that controls the IP rotation and rebuilding the request with the updated information can be found in the "processHttpMessage()" function. You can find the code for this extension publicly available on our GitHub, here: https://github.com/PortSwigger/ip-rotate/

Jay | Last updated: May 21, 2024 11:49PM UTC

Did you ever resolve your issue?

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.