Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Option to select which extension to use during a scan

Ivan | Last updated: Jan 10, 2021 06:29PM UTC

Hi, I know that you can do it by using configs from extensions tab. But i think it would be better to be able to select extensions from configuration library's profiles. Like when i create a newer Autid profile, from custom checks selection I right click on "extensions generated issues" and choose from the list of loaded extensions. So if any extension is loaded or not will appear there. I know it can be very hard to do, but imho it would be very very usefull. Thanks for the great product and cheers!

Michelle, PortSwigger Agent | Last updated: Jan 11, 2021 12:03PM UTC

Thanks for the feedback! Can you tell us a bit more about how you would like to use this feature, please? For example, if an extension was not loaded but had been chosen in the configuration, how would you like to see it behave?

Ivan | Last updated: Jan 16, 2021 02:24PM UTC

Hi, i would make the config of the scan to get priority. If the configuration scan has (for example) J2EEScan enabled, it would load it and get ready to scan? Or maybe you have a better idea. But the more I use Burp, the more i need this :) Cheers!

Michelle, PortSwigger Agent | Last updated: Jan 18, 2021 03:22PM UTC

Thanks for the update. This could potentially have some interesting side-effects, as the ability to load some of the extensions will rely on other settings, e.g. Extender -> Options -> Python environment needing to be correctly configured. The advantage of loading the extensions prior to setting up the scan is that you can check everything is in place/ready to work before starting the scan. Do you find that you're often needing to change which extensions are used for individual scans within the same project file?

Ivan | Last updated: Jan 20, 2021 02:27PM UTC

Hi, ususally i tend to have like max 3 extensions unloaded. Like Upload Scanner, Collaborator Everywhere and NoPe Proxy, i use them only when needed. So maybe is possible to make a list to load at start up? If i save the user options, extensions list won't be followed. I mean, if i load Upload scanner and exit, when I open back Burp with my default configuration where Upload Scanner isn't flagged as needed to be load, it would be loaded anyway because it was too before closing Burp. I hope you understand what I've said. Cheers!

Michelle, PortSwigger Agent | Last updated: Jan 21, 2021 10:04AM UTC

Thanks for the feedback! We'll discuss this with the team.

Michelle, PortSwigger Agent | Last updated: Jan 27, 2021 11:41AM UTC

Hi We've had a chat about this here and have linked this feedback to a feature request for further review.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.