Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Corporate BAppStore

Steven | Last updated: Dec 05, 2022 08:54AM UTC

Hi Team, would it be possible to have a "corporate" BAppStore which would extend the current BAppStore and allow testers to point BurpSuite to that BAppStore to download not only the official BApp extensions, but also internally developed ones. I believe that we are not the only company that have created extensions that interact with their own internal systems. Thanks in advance. Kind regards, Steven van der Baan

Hannah, PortSwigger Agent | Last updated: Dec 05, 2022 11:20AM UTC

Hi Steven Thank you for your feedback! We'll discuss this idea further internally. Do you currently have a shared folder or repo that your testers can download extensions from? You could potentially write your own extension to replicate this behavior, but I don't think you'd be able to replicate the one-click installation that you have with the built-in BApp Store. You could perhaps have an extension that: - Downloads files from an endpoint and saves them locally - Generates a user option configuration file that a user can then load into their Burp installation If you think your extensions are applicable to a wider audience, then we'd love for you to submit them to the BApp Store.

Steven | Last updated: Dec 06, 2022 01:21PM UTC

Hi, we have a system where testers can download the extensions from. We are also building a new extension that tries to replicate this behaviour, however we already have received comments from our beta testers that they don't like the extra steps required to get it working. Currently a tester needs to: - save their user_config file - point our extension to that user_config file, select any new extensions to be added - load this new user_config file If they at any point have added another extension from the official BApp Store and forgot to save their user_config file, they will loose this extension. We have checked, but both APIs only give access to project_settings. When we have extensions that can help other testers and have passed our internal quality control, we do submit them to the BApp store. Cheers, Steven.

Hannah, PortSwigger Agent | Last updated: Dec 08, 2022 10:47AM UTC

Hi Steven I could raise a feature request for API access to the user options configuration? You could have your extension link to a download of your internal extensions, and then the user would just need to manually load the extension into Burp - similar to the manual install option for BApp Store extensions.

Steven | Last updated: Dec 11, 2022 07:26PM UTC

Hi Hannah, a feature request would be wonderful, thank you. Perhaps make the feature similar to the project options, like: - String exportUserOptionsAsJson(String... paths); - void importUserOptionsFromJson(String json); I would suggest to change the return value for the import function to a boolean. This allows a user popup with a question to accept these new user options, and based on that response return if the options have been imported.

Hannah, PortSwigger Agent | Last updated: Dec 13, 2022 09:02AM UTC

Hi Steven We've raised your feedback as a feature request to be discussed further by the team. If there's anything else we can help with, then please let us know.

Steven | Last updated: Aug 10, 2023 09:17PM UTC

Hi, is there any word on this feature request? Thanks, Steven.

Hannah, PortSwigger Agent | Last updated: Aug 11, 2023 08:37AM UTC