Getting Started with Burp Suite
Burp Suite Documentation
Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.
| Full Documentation Contents | Burp Projects |
| Suite Functions | Burp Tools |
| Options | Using Burp Suite |
Burp Extender
Burp Extender lets you extend the functionality of Burp Suite in numerous ways.
Extensions can be written in Java, Python or Ruby.
| API documentation | Writing your first Burp Suite extension |
| Sample extensions | View community discussions about Extensibility |
Retire.js not working
Hi,
The retire.js extension in Burp Suite Pro is not working.
I do not see any feedback during passive scanning in either the "Target>Issue" or "Scanner>Issue activity" tabs. The firefox Retire.js plugin does show issues so I know it should show something.
I just downloaded Pro with this plugin as one of the reasons. I do run on the newest Kali which has JRE version 10.0.2, please tell me if it is logical that it would be that. The extension it self has no errors, only shows Loading the latest...... as the last output.
Kind regards,
Could you try using the Linux platform installer version of Burp Suite? This comes bundled with it’s own version of Java.
So the installer doesn't work at all....
(might be a second support ticket I should create :P)
Would it be possible to send us screenshots of the error messages you are encountering?
I got the following error: Could not initialize class sun.awt.X11GraphicsEnvironment
Which was due to how I was displaying over VNC and running the script with root.
For everyone with this issue, "unset DISPLAY" was all I had to do (as root) and then it worked.
Now for Retire.js, it also doesn't work with an installed Burp. The active scan that I did this night did show 1 of the vulnerable JS, but not the others (should be 4 if I believe Retire.js FireFox plugin). When passive browsing the scanner tab does report "Cross-domain script includes" that have the vulnerable JS libraries in them so I am sure something crosses through Burp that should be flagged by Retire.js.....
Any ideas?
It might be worth contacting the developers of the extension to find out if they are doing anything differently:
- https://github.com/portswigger/retire-js
If the application is public facing / part of a bug bounty scheme we could perform some testing ourselves?
https://github.com/h3xstream/burp-retire-js
Thanks for the update Krzysztof.