Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Install BApp Store Extensions with Montoya

Tyler | Last updated: Apr 20, 2023 08:34AM UTC

Hey, I've seen the new Montoya release and I'm working on installing extensions vis the importUserOptionsAsJson function. I would ideally like to install extensions directly from BApp Store, rather than cloning them and then adding them. Is there a way to do this if the user hasn't manually installed them? Thank you.

Hannah, PortSwigger Agent | Last updated: Apr 20, 2023 02:13PM UTC

Hi Could you provide some more context for what you are trying to achieve, please? If you have a look at the extension configuration in the user option JSON config panel, you'll find that you need to specify a file path for the extension. You will need to provide a valid file path on the local file system of the user. With regards to retrieving BApp files, have you checked out our online BApp Store? You can find this here: https://portswigger.net/bappstore

Tyler | Last updated: Apr 20, 2023 03:55PM UTC

Thanks for your response. I want to specify BApp extensions in my user config even if they aren't installed, then when the user imports the config, the extensions are installed via the BApp Store. So currently the user config has something like: "bapp_serial_version":15, "bapp_uuid":"ae62baff8fa24150991bad5eaf6d4d38", "extension_file":"bapps/ae62baff8fa24150991bad5eaf6d4d38... which refer to particular BApp extensions which are local to the machine. I would like to specify a BApp UUID and have it installed locally on the user's machine. Hope this makes sense, thank you

Tyler | Last updated: Apr 21, 2023 10:10AM UTC

Just an update, i think downloading directly via the Bapp Store is possible as you mentioned. is the UUID and bapp serial version static? The version is the one that slightly unnerves me. Thanks

Hannah, PortSwigger Agent | Last updated: Apr 21, 2023 10:28AM UTC

Hi The UUID will stay the same. However, we incrememnt the serial version whenever the BApp has an update. Burp uses the serial version to determine whether an update is available, so I think that if you were to set this to a low number (like 1), the extension would automatically update to the latest version on startup, and you wouldn't have to worry about that number. This would require some testing to determine if it would work or not, and may result in additional downloads. The serial version is retrieved from the BappManifest.bmf file. This is contained within the packaged .bapp file. If you had a method to extract this, then you could provide the configuration file with the correct serial version.

Tyler | Last updated: Apr 21, 2023 12:40PM UTC

Thats really useful information. I plan on doing a "diff" of the required extensions against the currently installed extensions to avoid duplicate downloads. Thank you

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.