Quantcast
Channel: support.portswigger.net :: Burp Extensions
Browsing all 115 articles
Browse latest View live

How to deploy an extension

Any guides out there on getting started writing extensions? I've found sample extensions and I can build them with Intellij, but I'm not familiar enough with java to create the jar file. Thanks

View Article



How is PHP Object Injection is reported by burp extension "PHP Object...

While scanning the XVWA (Xtreme Vulnerable Web Application) consisting the vulnerability-PHP Object Injection i.e. Insecure Deserialization, burp extension "PHP Object Injection Check" doesn't report...

View Article

API function to check if URL is in scope?

I have created a custom extension that takes all requests of a certain domain from the sitemap, does some magic on the insertion points and then adds the requests with custom insertion points to the...

View Article

callbacks.makeHttpRequest encode special characters to url encode

Hi! When I making the requests with special characters, for example , the request is encoded with "URL encode". How could I send the request without encoding anything? My code is as follows: for(String...

View Article

burp collaborator

How to use collaborator and what are settings for to use it? and can any one provide me an example for how it works.

View Article


Design new extension - Problem with buildRequest and URL Encode

Hi! I'm new to extending Burp and I wanted to add an active scanner plugin for some injections. When I making the requests with a payload with special characters, for example alert(1), the request...

View Article

BurpSmartBuster Not Working

Hello, Whenever I try to use BurpSmartBuster it generates errors and does not work properly. It had worked at some point in the past, but that was at least 6 months ago. I am using Burp Suite Pro...

View Article

Extension does not load when BURP is loaded through Windows Task Scheduler...

I'm trying to run BURP with my extension with the Windows's Task Scheduler. When I'm logged in, the Task Scheduler is able to open BURP in headless mode and preload my python extension fine. The issue...

View Article


Burp Extension

Hello there, I am getting the following exception when I'm trying to log a Jython extension I made, please let me know if anyone has face this :S java.lang.RuntimeException: org.python.core.PyException...

View Article


AMF

What is the current state of AMF support within Burp and Burp plugins? Searching through old support post most AMF support seems very outdated. I'm using Pro 1.7.30. I've tried Blazer. It throws a null...

View Article

Giving some input parameters to A Burp Suite Extension !..

Hello Burp, I wrote a new Burp Suite extension and I can load it to Burp and work with Burp. But I want to give a parameter to the extension so this extension can use this parameter while its running....

View Article

API function to change Response on the fly

Hi I'm aware of Match and Replace feature to change response on the fly. But is there a way to do it from plugin API ? I'm looking at potential API...

View Article

Active scanning sorting features and insertion points fine control.

Hello, With the aim of automating Burp scan in a development cycle, I wish to get the proxy history of a specific Burp project and launch an active scan on each items. To do so I was wondering if you...

View Article


Generating Customised Intruder Attacks from an Extension

Hi, I'm trying to create a burp extension which generates customised intruder attacks. I'm aware that I can create attacks with some level of control...

View Article

Can't modify scanner issues context menu

When I try to add a context menu entry to the scanner issues context menu, nothing shows up, it also does not return a InvocationContext when I right click on the scanner issues.

View Article


Attack selector always queues custom attacks

Hello there, I'm trying to figure out how to use the Attack selector extension. After creating a custom attack. I select from the context menu somewhere in Repeater/Proxy/...etc and it goes with status...

View Article

Odd inconstancy in extension behaviour

Hello, I wrote an extension that fails for one of my user throwing an exception: --- Traceback (most recent call last): File "E:\BurpSuite Settings and...

View Article


How to scan all urls of a webpage from command line.

Hi Team, I have used carbonate to san url from the command line where i can pass one url at a time and it scans the url and gives me the HTML report. Can i scan all the urls of a webpage from command...

View Article

Counting the requests from extensions

Hi, I want to ask - when I use some extenders (e.g. Scan Check Builder), when I remove all the Active scan rules, apart from those coming from extensions, and I only have a single extension running. In...

View Article

Extensions class loading

Hello, I was wondering if Burp supports class loading from extensions. What I am looking for is if an extension can be made available as an API and that API's classes be used from other extensions....

View Article
Browsing all 115 articles
Browse latest View live




Latest Images