Burp Suite User Forum

Create new post

how the extensions work on a lan network?

Lautaro | Last updated: Apr 22, 2023 03:49PM UTC

Hi everyone, Can you please help to understand a little more the configuration of the BurpSuite Professional, the problems are; i cant load the extension list directly from the BApp, but i can download (some extencions not alls) from the Web BApp and install them manually, also the burp collaborator doesnt work, i get the error i need to reconfigure. some times we need to test web apps that can acces only from the lan. for test web are accesible from the wan we use a proxy adress. The question is, i need to add some adress to a Firewall/proxy server whitelist? how i can configure the burp collaborator, for make it work at least for the wan app tets. If you need more information for help me resolve the problem tell me chiack i will asnwer, thank you! have a great day!

Michelle, PortSwigger Agent | Last updated: Apr 24, 2023 10:11AM UTC

Hi Can you access https://portswigger.net (for BApps) and https://oastify.com (for the public Collaborator) directly from your machine, or do you need to use a corporate proxy server to access these sites? When you download extensions manually, which ones have you had issues installing?

Lautaro | Last updated: Apr 25, 2023 05:01AM UTC

i can access to /portswigger.net, for oastify.com i need proxy. i download ans install succefully the fallows extencions: Autorize ActiveScann++ XSS filter Bypass Turbo Intuder i cant download manually the fallows extencions: Json web tokens Param Miner Bypass WAF thank you

Michelle, PortSwigger Agent | Last updated: Apr 25, 2023 07:39AM UTC

Hi If you configure the same proxy as your normal browser users under Settings > Network > Connections > Upstream proxy servers, can you access portswigger.net and oastify.com via Burp? Do you see any errors when you try to download the extensions that have issues? Can you describe the steps that you are taking, please?

Lautaro | Last updated: Apr 27, 2023 06:42AM UTC

portswigger,net i can acces, oastify.com i cant get the warning: security risk blocked for your protection. reason: this category is blocked. Compromised Websites. sites in this category may pose a security threat to network resources or private onformation, and are blocked by your organization. and a similar warning i get when i try to download some extencion but with the messege the file is ecompressed files.

Michelle, PortSwigger Agent | Last updated: Apr 27, 2023 02:00PM UTC

Hi These messages seem to be coming from your AV, which may be centrally managed by your IT team. If you contact your IT team, would they be happy to allow you to download these file formats used by extensions and access oastify.com? If they need details on what the public Burp Collaborator server is, they may find this documentation useful: https://portswigger.net/burp/documentation/collaborator

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.