Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

No output using extensions

Shay | Last updated: May 25, 2022 08:34AM UTC

Hi, I'm using Burp Suite pro v2022.3.8. I have some extensions from BApp, but when I try to use them nothing is being shown in the logger++ / flow. When I used it before updating the new version they were seen. The extensions I'm referring to are: JS Miner HTTP request smuggling Param miner What I'm getting for example in the output in the extender tab for HTTP request smuggling: Updating active thread pool size to 10 Loop 0 Queued 0 attacks from 1 requests in 0 seconds Am I missing anything here? is it running? Thanks

Hannah, PortSwigger Agent | Last updated: May 25, 2022 10:39AM UTC

Hi The order that extensions are in in your "Extender > Extensions" table matters. This determines the order that they are loaded into Burp, and the order that traffic flows through them. If you put Flow/Logger++ as the final extension in your list, do you still have this issue? Additionally, have you tried using the built-in Logger tab in Burp?

Shay | Last updated: May 25, 2022 11:14AM UTC

Hi Hannah, Thanks for the response. I set Logger++ at the bottom of the table as suggested, so HTTPs request smuggling is above it. I triggered HTTPs request smuggling on a request and still nothing is shown in Logger++ and default Logger, in the output in the extender tab I get same output as before. Thanks

Hannah, PortSwigger Agent | Last updated: May 25, 2022 12:39PM UTC

Hi Logger++ and Flow don't output to the "Extender > Extensions > Output" tab - they provide their own tab across the top of Burp, in the same way as you have a "Dashboard", "Target" and "Proxy" tab. You should find any logged traffic in there. Could you drop us an email at support@portswigger.net with some screenshots, so we can better understand the issue that you are having?

Shay | Last updated: May 25, 2022 12:45PM UTC

Hi, I meant that on the Logger++ tab nothing is shown, and I sent the only output HTTPs request smuggling from the extender. I triggered the HTTPs request smuggling on a request and nothing is shown in Logger++, flow and default logger tabs. The Logger++ itself is fine, and I can different traffic. What should I sent in this case? Thanks

Hannah, PortSwigger Agent | Last updated: May 26, 2022 09:45AM UTC

Hi Could you try starting a fresh temporary project, then triggering an attack against https://portswigger-labs.net? Could you then drop us an email at support@portswigger.net with a screenshot of the contents of your Logger tab?

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.