Channel: support.portswigger.net :: Burp Extensions
Browsing latest articles
Browse All 115 View Live

Generating Customised Intruder Attacks from an Extension

Hi, I'm trying to create a burp extension which generates customised intruder attacks. I'm aware that I can create attacks with some level of control...



Is it possible to retrieve the path of the currently open project?

I would like to retrieve the path of the currently open Burp Project to reference some resource on the filesystem relative to the project directory. I am unable to find a suitable API to do this in the...



Burp Extension + UpStream Proxy SLOWWWW

Hi all, I created a Burp extension that decrypts AES traffic. The infrastructure I am testing is set up in such a way that all requests' payloads are being encrypted with AES. In order to work around this, I am...


WebSocket API

I'm dealing more and more with websockets: is there _any_ way to modify requests on the fly? I'm not afraid of writing a custom extension or fiddling with scripting my own tools. FWIW, if you provide...


Burp Enterprise Edition/Pro Edition can be integrated with Microsoft Team...

Hi Burp Team, Currently we are evaluating the trial version of Burp Enterprise edition tool for security testing in our organization. The requirement is to integrate Burp Enterprise Edition/Pro Edition...



When I install a Python extender (burpsmartbuster), it points out that "failed...

I have already installed the jython.jar file (2.7, the file has been selected in options) and Python (but I have two versions of Python and both of them are system variables). The error message is here:...


Extender Not Displaying Plugins / Can't Refresh

I am behind a corporate proxy environment using Ubuntu. Using the corporate proxy settings I am able to use Firefox to view websites as expected so Burpsuite should be able to display the BApp Store...


Burp 2.0 extension-only audit

I have a local page that I use to test for LFI attacks, when I used to run active scan against this page in Burp 1.7.37, I get the attack detected by different extensions, e.g. J2EEScan. I tried to...



Scan Summary Report into Jenkins

I am currently running scans using burp enterprise from Jenkins. The scan completes and a report is available on burp enterprise server. But how do I get this report to be displayed in Jenkins?



IMessageEditorTab check Tool

I'm trying to create a simple Jython extension to run a regex against the HTTP response and extract key fields into a new IMessageEditorTab. Is there any way in IMessageEditorTab.isEnabled or...


Python extension import package error

Hello, I've run into an application that AES encrypts the body of HTTP requests and responses, I am writing an extension to decrypt and encrypt the payloads. I am writing the extension in Python and I...


Testing environment

Hi, I'm developing an extension and by this time I got annoyed with the development process where I need to restart the extension to see the changes applied. Is there any way I could set up a testing environment...


Persist IBurpCollaboratorClientContext

Hi, is there a way to persist IBurpCollaboratorClientContext object? When I reload my extension and get IBurpCollaboratorClientContext with callbacks.createBurpCollaboratorClientContext method it still...



Carbonator scans not accurate

I just downloaded the Carbonator extender through bapp and have used the command ./burpscan.sh http 127.0.0.1 80 /DVWA/vulnerabilities/ This launched burp UI and I checked that the scan does not detect SQL...


buildParameter not working

I built the HttpRequest using buildHttpMessage method and trying to add Cookie and Body param using LegacyBurpExtender.getInstance().getHelpers().buildParameter and addParameter and updateParameter...



How to set active scanner insertion points

I'm trying to set custom insertion points for the header, query param and body parameters. Currently I'm using the active scan method by passing a manually calculated offsetlist....


Failed to load Python interpreter from Jython JAR file

Hello Dear, I am facing an error. I am not able to add my extension in Burp. I am getting the following error: java.lang.Exception: Failed to load Python interpreter from Jython JAR file at...



Error "Request was dropped by the user" in Custom tab while using Burp extender

Hi, I am new to building burp plugin, I have implemented a message editor, but when I toggle the interceptor on and off, I get an error in the text editor itself: Error: "le>Burp Suite Professional...


Serializing IScanIssues

Hello Support Team, So I have created an implementation of IScanIssue but I am getting errors when trying to JSON encode the class like this: "java.lang.IllegalArgumentException:...


Accessing marker indexes from Intruder Payload

Hello Support, I am trying to grab the indexes from a user created Intruder payload but it doesn't seem like it is possible within the APIs. If I already have markers I can apply them to a...


How to integrate Scan Check Builder integration with Burp Extension API

How to integrate Scan Check Builder integration with Burp Extension API? I'm able to submit active scans by selecting profile manually through tool. But I want to integrate Scan Check builder with Burp...



Packaging Burp Extensions

How are we supposed to package extensions that require both Java and Jython? I've an extension which uses 2 python projects and those 2 use python modules like six. How should I package it for...



Burp Extensions Distribution

Hello, Can you please help with the question at https://support.portswigger.net/customer/en/portal/questions/17629848-packaging-burp-extensions?new=17629848? Not sure if it's not answered as there is a...


How can I add the result of this Burp plugin to the sitemap?

Hi, I made a Burp plugin to convert GET to POST and POST to GET, and it is working when I am scanning the web app, but how can I add the result of this plugin to the sitemap? This is my Burp plugin:...


Bapps folder and non BApp store extensions

Hey guys, I have a question on how Burp installs extensions from BApp store vs local extensions. It looks like for ones installed from the store, Burp stores them under the bapps folder. However for...



Trigger an active scan programmatically

Dear Burp team, from an extension I would like to first do a passive scan. Once the application has been scanned, I would then like to programmatically do an active scan for each (passive) request....


Packing/Unpacking custom POST data format for Active Scans

I'm trying to write an extension to test a mobile API endpoint that uses a homebrew message level encryption format. Basically there is a pre-shared AES key between the mobile app and the server, and...


Making a custom extender interface

Hi to all! I'm currently creating a Burp extension and I was wondering if there was any way to make an interface for it (not just print things into the extender console). I read something about some...


Can I Dynamically Proxy an HTTPS Request in a Burp Extension?

I am writing a random IP proxy extension to handle the problem of IP blocking when exceeding the target's request rate limit. But I found that setHttpService doesn't work when the request is HTTPS. What can I do...




CO2 extension

Hello, may I know whether it is free to install the co2 extension in burp suite professional? thanks


Headless burp authenticated scans

How can I perform an authenticated scan using headless burp?


Add Custom Headers stopped working.

Hi Guys! Any changes in the Add Custom Headers extension? It stopped working on Linux/Windows/1.7 and 2.X Burp versions. (:


Trouble integrating requests python library and jython

I'm currently building a Burp extension using Jython. At one point I basically get URLs from the proxy tab and make an additional request with that url+someEndpoint with the Python Requests library. The...



Old version of AutoRepeater in the BApp store

Hello, extension AutoRepeater is available in the BApp store as version 1.0 from April, 4th 2018. The latest commit from the original repository https://github.com/nccgroup/AutoRepeater was on July...


Burp Suite Automation

Hi All, we are trying to automate testing for various vulnerabilities like XPath injection, SQL injection, cross-site scripting, etc. We have referred to the following link...


Send to decoder programmatically from extensions

There are methods in IBurpExtenderCallbacks for sending data to - repeater, - intruder, - comparer, and - spider. Why isn't there one for decoder? When writing a custom message editor with a custom...



Scan Configuration

I am building an extension that calls doActiveScan and doPassiveScan. Is there a way to specify the scanner configuration? Currently tasks are created and there is a default scanner configuration used...



Burp Extension for Intruder Payload with multiple payload lists

Hi, I am working on creating an extension for Burp Suite where a user can choose from a list of payload lists [one list for Angular payloads, one list for React payloads] according to the framework of...


XML tab "Reparse" Programmatically

Hi, I would like to know how the "Reparse" button in the request/response "XML" tab reformats XML documents programmatically via Java. Specifically, I am wondering what library(s) are used for this. I...


Extensions are not loading with Burp defaults

Hi Team, I always use Burp defaults option for configurations while opening/creating projects. I have a few extensions installed such as Retire.js, TokenJar, Active Scan++, etc. What my issue is that...


Extension load error code

os win 7 java.lang.ExceptionInInitializerError at org.python.util.PythonInterpreter.(PythonInterpreter.java:100) at org.python.util.PythonInterpreter.(PythonInterpreter.java:94) at...



Pause scanner from extension

Is there any API to pause the scanner from an extension? For example, let's say you are scanning an API with a rate limiter, and your extension can detect that you are getting close to the limit, can...


Get All URLs from a Website

Hello, I am currently writing a burp Extension. I need to get all URLs from the Website before the active Scan. How can I do this? Thanks



Failed to update Bapp List

Hi, My burp store list fails to be updated. I am using my employer's proxy settings and it may create some conflicts OR block some traffic. Do you have any work around this problem? Do you know how I...


Outdated extensions and open pull requests

Hello, some extensions (like "Add Custom Header") don't have their latest version available in the BAppStore, and that lasts for a few months (and I hate having to maintain private versions) First, I...



Custom Extension for Whitelisting

Burp Suite Pro v1.7.23. Is it possible to skip a certain link/URL for specific checks (e.g. CSRF, SQL Injection) during a scan, while leaving them ticked in Scanner Options? So for better...


Autorize

Do I need to buy Burp Suite Pro to use Autorize?


Jython - ImportError: No module named expatreader

Hi, I would like to use the defusedxml package. I am using Jython 2.7.1 standalone and I created a virtual Python env where I installed defusedxml. I set up in Burp Extender "folder for loading modules" to -...


Can't Add an Extension to be Executed by session handling rule for checking...

Hi, First off just wanted to say that you guys have been doing a great job with Burp, it pretty much covers 85 - 95% of my daily web app pentesting needs with the core functionalities. So my problem is...



Additional Scanner Checks - Does it report HTTP 404 & 403 pages?

Hi, I am wondering if the Burp Extension - Additional Scanner Checks reports missing HTTP headers for HTTP 404 & 403 pages?

