Problem with burp extension to automate security checks of single sign-on
Hello, I'm currently trying to develop a (Jython) extension to automate some work with single sign-on protocols (like OAuth, SAML, etc.). The main idea of how it would work is: - Check requests if it's an...
Detection of outdated components
Dear all, How can I know if a specific component is outdated and will be detected or not by BurpSuite? Specifically, I had a complaint from a customer: we did not detect that PrimeFaces 5.x is vulnerable...
Burp upstream proxy settings and setHttpService
Hello, I was wondering if you can help me with a few questions. I'm trying to dynamically set the upstream proxy depending on the current request and modify incoming response based on a set of rules....
Automatically Change Response
Hi, I am currently developing a Burp plugin in Python and have a problem for which I don't have a solution. I basically want to automatically change the response but I do have a plugin in between...
Burp Extension Loading hangs
Hi, I'm trying to load some Burp extensions (Java/Jython), but the load hangs without any error or log messages. I'm using the latest version of Burp Pro 1.7.35; the extensions I'm trying to load are:...
failed to coerce [Lburp.IHttpRequestResponse; to burp.IHttpRequestResponse
Hi everyone. I am writing Burp extender code using JRuby, and... got an error :( Please help me... [ Error ] failed to coerce [Lburp.IHttpRequestResponse; to burp.IHttpRequestResponse [ Code line ] def...
Retire.js not working
Hi, The retire.js extension in Burp Suite Pro is not working. I do not see any feedback during passive scanning in either the "Target>Issue" or "Scanner>Issue activity" tabs. The Firefox...
SSL Scanner
Hi, I get this error while installing the burp extension for SSL scanner. Any help to resolve this? Jython version used is 2.7.0 Traceback (most recent call last): File...
Is it possible to retrieve the path of the currently open project?
I would like to retrieve the path of the currently open Burp Project to reference some resource on the filesystem relative to the project directory. I am unable to find a suitable API to do this in the...
burp.byc
I was wondering if you have any idea what could lead to the following python stack trace when using the makeHttpRequest Burp extension API? Traceback (most recent call last): File...
Failed to import .py extension: OSError: [Errno 0] chdir not supported in Java
As the title says, I am facing this when trying to install Python extensions in Burp. Is it something related to Jython environment variables? Thanks. This is the complete traceback: Traceback...
Failed to load any python extension
Hi! I have a problem with loading any Python-based extension in Burp. I downloaded a jyton-standalone-2.7.0.jar and also configured the Python environment in extender options, but when I want to install any...
Burp extension: Use of 'Analyze Target' in custom extender
Hi, Can I get the data (Engagement Tool->Analyze Target) of a target URL in a custom Burp extension? Actually, I need the data before running the scanner. If I get the data in the extension, I can log the...
Payload generator UUID
Is there an extension for Burp that creates UUIDs on payloads?
Accessing rendered HTML
Hi, Is it possible to analyze the contents of a response once it has been rendered? i.e. the magic behind the render tab. Thanks
Burp Extension + UpStream Proxy SLOWWWW
Hi all, I created a Burp extension that decrypts AES traffic. The infrastructure I am testing is set up in such a way that all requests' payloads are being encrypted with AES. In order to work around this, I am...
Burp API Javadoc not accessible
I noticed that the javadoc for the Burp API is no longer accessible. Was this on purpose for the 2.0 beta? https://portswigger.net/burp/extender/api/
Saving HttpRequestResponse to file
I noticed that there's a method called saveBuffersToTempFiles() that says that it allows saving of HttpRequestResponse objects to a file. Is there any more information on how to use this? I haven't been...
Issues with burp scanner
For one of my scans, I noticed that the scan thread's request/response doesn't look like an actual captured request/response that was captured while crawling the application. Cookie part was removed...
Custom payload processor / generator
My Intruder scenario is brute forcing uids that are calculated based on date. Current Intruder has a date payload that is superb for the job. Now I would like to process these dates with my custom...