Burp Suite User Forum

Login to post

Load an extension headless

Paul | Last updated: Nov 28, 2014 11:35AM UTC

Hi, I'm trying to build an easy scanner server, and need to configure Burp to scan in headless mode. As we don't have a graphical interface installed on this server, I have to do all things headless. I would like to load the carbonator BApp in the installation on my Debian 7.6 machine, but have no clue how to do this? I have copied the folder from my Kali box, and activated the installation properly on the virtual Debian machine (on the same laptop where I have the Kali) but I have no idea how to load the extension into burp right now... Can you please help me how to register an extension in headless mode, or hint me how to copy an installation with the correct settings?

Liam, PortSwigger Agent | Last updated: Nov 28, 2014 11:36AM UTC

Hi Paul Thanks for your message. Unfortunately, at present the only way to load an extension when Burp is running in headless mode is first to run Burp in non-headless mode, install the extension, ensure the Extender option “Automatically reload extensions on startup” is checked, gracefully shut down Burp, and then restart in headless mode. A workaround would be to try to copy the relevant Burp preferences from another installation into your headless machine. The preferences are stored in the default Java preferences store, which on Linux is located in the user’s home directory. FYI, we plan in future to support reload of an existing Burp project / state file via a command line argument, so you could create a suitable project on a non-headless machine, and then reload it on the headless machine. Please let us know if you need any further assistance.

Liam, PortSwigger Agent | Last updated: Feb 18, 2016 04:53PM UTC

Hi Thanks for your message. You can use the --project-file command to reload an existing Burp project via a command line argument. Have you tried creating a suitable project on a non-headless machine, and then reloading it on your headless machine?

Burp User | Last updated: Sep 06, 2016 09:55AM UTC

Hi guys, just read this post. Is there already a better way of doing this? cheers

Burp User | Last updated: Sep 09, 2016 09:52AM UTC

Hi there, that is precisely what I am doing. Am creating project setting in Burp GUI, save it and import into headless session. That works fine, expect that the extensions are not captured in the project config. When I run burp in headless mode on another machine the extensions would not get loaded nor do I have the option to configure it. When I start it on the machine the extensions get loaded from the last session. Could u explain how the caching works and what makes Burp load the extensions again? cheers

Liam, PortSwigger Agent | Last updated: Sep 09, 2016 01:30PM UTC

Extensions are loaded as part of Burp's User-level options. User-level options are stored within the local installation of Burp, and are automatically reloaded each time Burp starts. So, to run an extension in headless mode you should first run Burp in non-headless mode, install the extension, gracefully shut down Burp, and then restart in headless mode.

Burp User | Last updated: Sep 09, 2016 02:37PM UTC

Hey, hmm so to sum it up. I can save user options via the UI and can load them again. They actually startup my extensions again. <-- snippet saved user options "extender":{ "extensions":[ { "errors":"ui", "extension_file":"some.jar", "extension_type":"java", "loaded":true, "name":"something", "output":"ui" }, --> Now there are no command line options to import them again, only project options. Also callbacks.loadConfigFromJson(user_config) does not load them again only the project options. Guys is there no way to load the user options or do I miss something?

Liam, PortSwigger Agent | Last updated: Sep 09, 2016 02:38PM UTC

Yes, your summation is accurate. We do plan to provide a command-line option to load a specific extension. Unfortunately we cannot currently promise an ETA.

Burp User | Last updated: Jun 04, 2018 10:20AM UTC

Any update on this feature?

You need to Log in to post a reply. Or register here, for free.