Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Troubleshooting custom extensions

Zac | Last updated: Nov 12, 2021 05:25PM UTC

I am trialing the Enterprise Edition and I have written my own custom Java extension (that I package into a self-contained "fat" jar) because I need Burp to add a custom header to each and every request that it makes. Let's say this is a "Fizzbuzz" header that will have a UUID value generated by the Java extension. For example, "Fizzbuzz: ED50D3E9-CC55-46D6-B537-CD40A2FD15D1", etc. In the web console, I log in and go to Settings >> Extensions >> Custom Extensions >> Upload extension, and then I upload my jar file. In my site scan, I configure the scan to use this custom extension and can verify (by looking at the UI) that it appears to be configured to use the extension. I run a scan and it completes. I go to Scanned URLs and find a sample URL that was scanned. I click it and see that there was an Issue with it, so I click on the Issue and then go to the Request tab. I see: ``` GET /apicrpbsmo7j0/v1/core/folders HTTP/1.1 Host: my-bsee.example.com Accept-Encoding: gzip, deflate Accept: */* Accept-Language: en-US,en-GB;q=0.9,en;q=0.8 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36 Connection: close Cache-Control: max-age=0 ``` Why am I not seeing my Fizzbuzz header? Did something potentially fail in the custom extension or am I just looking in the wrong screen? How can I be sure my custom extension was invoked on each request and executed properly? More generally: a) How can I troubleshoot this issue, or any other issues with custom extensions? Can I write to STDOUT/STDERR from inside the extension, or a log file, and view the output somewhere or somehow? b) How does Burp interact with these custom extensions? If I implement IBurpExtender and IHttpListener, will the extension be invoked for each and every HTTP request that Burp makes as part of a scan? Or is there filtering involved somehow?

Uthman, PortSwigger Agent | Last updated: Nov 15, 2021 12:29PM UTC