Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Login to post

Execute code when active scanner starts (only once per scan)

Bajii0 | Last updated: Jul 10, 2023 08:39AM UTC

Hello, I would like to know if a method existed to do this. I want to execute my own script with burp scanner, but my script are crafting their own requests and stuff. So I only need my script to be executed once, like it was a test like another to run. I could implement a 'state' in my doActiveScan, but I wanted to know if there were anything that would be already implemented for this case. Thanks a lot !

Hannah, PortSwigger Agent | Last updated: Jul 10, 2023 03:35PM UTC

Hi There isn't any native way to do this with your code. You would need to keep track of this behavior yourself. You can run a BCheck at a Host level. This will only run the check once per host. You could implement similar behavior to this in your extension. An existing extension (J2EE Scanner) has similar functionality that it has achieved through annotations in Java. You can find the source code for this here: https://github.com/PortSwigger/j2ee-scan/tree/master/src/main/java/burp/j2ee/annotation It looks like you may be using the Extender API. Whilst this is still available for use, we'd recommend taking a look at the Montoya API. This is much easier to use and has additional functionality compared to the old Extender API.

Bajii0 | Last updated: Jul 11, 2023 07:39AM UTC

I'll check thanks. I can't find a good and complete tutorial for Montoya API since every tutorials are a bit old. Do you know any ? (the burp official tutorial does not go far enough for me).

Hannah, PortSwigger Agent | Last updated: Jul 11, 2023 09:46AM UTC

We have a lot of example extensions. You can use these as a base to build your extension on. These can be found here: https://github.com/PortSwigger/burp-extensions-montoya-api-examples Additionally, there is someone currently releasing some tutorial guides on the new Montoya API you might find helpful. You can find these here: https://security.humanativaspa.it/extending-burp-suite-for-fun-and-profit-the-montoya-way-part-1/ Please let us know if you need any further assistance.

You need to Log in to post a reply. Or register here, for free.