Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Montoya API - Custom Scanner Check

Vinnie | Last updated: Oct 31, 2022 12:18PM UTC

Hi! Thanks for creating a new Burp Extension API, I am testing the new Montoya API to create a plugin with a custom scanner check. For this I used the ScanCheck interface and within the activeAudit function I would have the following code: // Enter payload in insertion Point byte[] req = auditInsertionPoint.buildHttpMessageWithPayload(payload.getBytes()); // Launch the request HttpRequestResponse scanRequestResponse = montoyaApi.http().issueRequest(HttpRequest.httpRequest(req)); Does not seem to work yet as most likely doing something wrong here in these lines of code. Any guidance would be appreciated! Thank you!

Michelle, PortSwigger Agent | Last updated: Oct 31, 2022 03:23PM UTC

Thanks for your message. Can I quickly double-check, are you using Burp Suite Professional with this new scanner check extension?

Vinnie | Last updated: Oct 31, 2022 03:55PM UTC

Jep I do ;)

Hannah, PortSwigger Agent | Last updated: Nov 01, 2022 11:57AM UTC

Hi Vinnie Do you have previous experience using the old Extender API? We have a large example extension that has "translations" from the old API to the new Montoya API. You can find the example for registering a custom Scanner check here: https://github.com/PortSwigger/burp-extensions-montoya-api/blob/73369af49eac0079199b5a3a5273835036d91adf/api/src/test/java/burp/api/montoya/TestExtension.java#L900 We should have some more examples of the new Montoya API being used in some sample extensions soon.

Vinnie | Last updated: Nov 02, 2022 11:23AM UTC

Thanks! Yeah I have experience with the previous one, essentially I am migrating my previous plugin to the new API. I think the file you shared might contain some more info for me to dig in deeper to make this work. And if not I will await the new sample extensions ;) Regardless, Thanks for the help! Appreciated!

Vinnie | Last updated: Nov 02, 2022 11:35AM UTC