Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Create a multi-task extension

Bajii0 | Last updated: Jun 26, 2023 10:07AM UTC

Hello, I would like to create a multi-task extensions, checking for a lot of different things such as header presence, injection, or even broken access control. In order to do it, I though need to separate things and I cannot find a good way to do it. For example, i don't want my extension to be testing for broken access control at the same time than checking injection. Is there a correct way to do that ? Or is it better to do a bunch of differents extensions and launch it from a main extensions ? Should I stored the request once to replay it with different tests ? I'm looking forward for yours answers ! PS : I'm new to burp extensions creation, so sorry in advance if I said absurd things. If you have any other user post that could be help, I would be really gratefull if you can send the link below. Thanks again for your help !

Hannah, PortSwigger Agent | Last updated: Jun 26, 2023 10:44AM UTC

Hi It sounds like you want to provide a number of additional scan checks to Burp. You can find an example extension written in the Montoya API to add an additional scan check to Burp here: https://github.com/PortSwigger/burp-extensions-montoya-api-examples/tree/main/customscanchecks You can register multiple scan checks in one extension, in the same manner that a scan check is registered in the example extension.

Bajii0 | Last updated: Jun 28, 2023 08:04AM UTC

I'll check it thanks, is there any similar project in python ?

Hannah, PortSwigger Agent | Last updated: Jun 28, 2023 08:50AM UTC