Burp 2.0 extension-only audit
I have a local page that I use to test for LFI attacks, when I used to run active scan against this page in Burp 1.7.37, I get the attack detected by different extensions, e.g. J2EEScan. I tried to...
View Articleci integration with burp suite
Hi team, Our company recently bought professional burp suite. We need to integrate the burp suite and Jenkins. I want to know how the reports will be generated and send to us, as we don't have access...
View ArticleScan Summary Report into Jenkins
I am currently running scans using burp enterprise from Jenkins. The scan completes and a report is available on burp enterprise server. But how do I get this report to be displayed in Jenkins?
View ArticleScanning a site with basic authorization (Burp suite enterprise Rest API)
Hello. I want to scan sites where basic authorization is installed. What tokens can I use in building a curl request for basic authorization? curl -vgw "\n" -X POST...
View ArticleBURP CI Driver
hi, i downloaded Burp CI driver that provides a command-line interface for use by any CI platform. but not able to execute any commands using the jar file also could not find any source in google....
View ArticleSending an unmodified and a modified HTTP request
I am trying to write an extension that when the user makes a request the extension will send two requests, an unmodified request so that the browser will load normally and one where a parameter is...
View ArticleBurp Fails to add Jython.jar
I downloaded and installed Jython-2.7.0 following the link provided by Burp. I try to add this one to Burp and facing the error message: java.lang.ClassNotFoundException: burp.BurpExtender at...
View ArticleOutput in the UI
This is my code: package burp; import java.io.PrintWriter; import java.util.List; public class BurpExtender implements IBurpExtender, IHttpListener, IProxyListener { // // implement IBurpExtender //...
View ArticleUnable to edit the content headers
What is wrong in the below code ? I do not see the request getting edited as I don't find the 'Edited Request' tab at all: package burp; import java.io.PrintWriter; import java.util.List; public class...
View ArticleSystem.exit() kills Burp
I'm building an extension that will call a Java command line program from within Burp (by calling the main() method). Unfortunately, when the command line tool finishes, it calls System.exit(0); which...
View ArticleSession dies while scanning
Guys, I have this very general problem. I did a search across the google, but did not find a proper solution. This is what I have done: I have created a session validation under Projects->Sessions...
View ArticleIMessageEditorTab check Tool
I'm trying to create a simple jython extension to run a regex against the HTTP response and extract key fields into a new IMessageEditorTab. Is there anyway in IMessageEditorTab.isEnabled or...
View ArticleRequest interception
Hi there, I'm aware that if you register a IHttpListener you are able to intercept requests before they are sent out. Is it also possible to intercept a request prior to assigning it a tool, for...
View ArticlePython extension import package error
Hello, I've run into an application that AES encrypts the body of HTTP requests and responses, I am writing an extension to decrypt and encrypt the payloads. I am writing the extension in Python and I...
View ArticleTesting environment
Hi, I'm developing an extension and by this time got annoyed of development process where I need to restart extension to see the changes applied. Is there any way I could set up a testing environment...
View ArticlePersist IBurpCollaboratorClientContext
Hi, is there a way to persist IBurpCollaboratorClientContext object? When I reload my extension and get IBurpCollaboratorClientContext with callbacks.createBurpCollaboratorClientContext method it still...
View ArticleCarbonator scans not accurate
I just downloaded Carbonator extender through bapp and have use the command ./burpscan.sh http 127.0.0.1 80 /DVWA/vulnerabilities/ This launched burp UI and I checked that the scan does not detect SQL...
View ArticlebuildParameter not working
I built the HttpRequest using buildHttpMessage method and trying to add Cookie and Body param using LegacyBurpExtender.getInstance().getHelpers().buildParameter and addParameter and updateParameter...
View ArticleHow to set active scanner insertion points
I'm trying to set custom insertion points for the header,query param and body parameters. Currently I'm using active scan method by passing manually caluculated offsetlist....
View ArticleFailed to load Python interpreter from Jython JAR file
Hello Dear, I am facing an error. I am not able to add my extension in Burp. I am getting the follow error: java.lang.Exception: Failed to load Python interpreter from Jython JAR file at...
View Article