Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Burp Extensions

Make a new post

  • IHttpRequestResponse.setMessage() does not update Proxy History automatically

    If I call setMessage on a IHttpRequestResponse instance, it does not update the Proxy History window automatically. However, if I force a redraw (for example by clicking on the item), the new comment appears, so it seems that the underlying object model gets updated by my call, it's just that it doesn't invalidate the already drawn view. I tried this with Burp Suite Pro v1.7.16 on Deb...

    0 Community Answer
    Jan 20, 2017 10:36AM UTC
  • Passive Scanning of Active Scan Results

    In Extensions, do passive scan checks (implementing IScannerCheck.doPassiveScan) automatically get applied to all responses of active scans as well? Or is passive scanning only done for the initial request/response and ignored thereafter? If you want to run the same checks on active scan responses do you need to explicitly implement IScannerCheck.doActiveScan?

    5 Agent Answers    5 Community Answers
    Jan 18, 2017 07:56PM UTC
  • unexpected makeHttpRequest timeout value

    I'm using IHttpRequestResponse makeHttpRequest(IHttpService httpService, byte[] request) to send a modified request that I got from an IScanIssue. If the target host is down, I get a timeout (return == null) and it takes approximately 26 secs. I don't know how this 26s is calculated since my timeout values are: Normal 120 Open ended: 10 DNS resolution 300 Failed DNS resolution 6...

    1 Agent Answer    0 Community Answer
    Jan 17, 2017 02:48PM UTC
  • xssvalidator instaaltion issue

    Hi, i was installing xssvalidator in Burp suite free edition but i am unable to do it, i am getting the following issue Step1: installed xssvalidator in burp Step2: Downloaded ant & installed it Step3: creating extender .jar Query : Not able to build the jar as the following error is displayed Error: [javac] ^ [javac] /Users/vik...

    1 Agent Answer    0 Community Answer
    Jan 17, 2017 10:39AM UTC
  • Active Scanner Extension Incrementing Requests

    I have a custom active scanner extension which makes a finite number of requests via callbacks.makeHttpRequest(). This does not appear to increment the current active scan with the correct number of requests being made and stalls the scan status % given it does an 'unknown' number of requests. How does one tie into this to a) present the number of requests the plugin will make and b) inc...

    1 Agent Answer    0 Community Answer
    Jan 09, 2017 06:43PM UTC
  • sendToRepeater Fails to Set Tab Caption for First Request

    As the subject states, the first call to IBurpExtenderCallbacks.sendToRepeater() will not rename the numbered tab in the repeater to the last parameter (the tab caption string). Subsequent calls to sendToRepeater do set the tab caption properly, but the first call will not. It is particularly frustrating because Burp insists on having at least one request in the repeater, even if it is empty, s...

    2 Agent Answers    0 Community Answer
    Jan 06, 2017 04:23PM UTC
  • BApp Store queries

    Hi Guys, I have a few questions regarding the BApp extensions if some one could answer or redirect. 1. What are the measures taken that the code in the extension are secure.? 2. What is the process of uploading a new extension? 3. Are there any checklist like apple store while uploading?

    1 Agent Answer    0 Community Answer
    Dec 30, 2016 08:37AM UTC
  • IScanIssue vs. IBurpCollaboratorInteraction

    Now that Extender plugins can use collaborator, it can be used to identify issues. The built-in active scanner can use this to attach the relevant interactions to the reported issue. Based on the IScanIssue interface, I can see no such method to implement for Extender plugins. Am I looking at the wrong place?

    1 Agent Answer    0 Community Answer
    Dec 29, 2016 08:21PM UTC
  • Extender API Parameters

    Hi! I'm developing an extension and I was wondering how can I get the vulnerable parameter for an issue. For example, in a Cross-site scripting as the one in the picture (http://imgur.com/a/aKqn9), is there a method to get only the vulnerable parameter and not all of them? Also, is this documentation up to date? https://portswigger.net/burp/extender/api/allclasses-noframe.html

    1 Agent Answer    0 Community Answer
    Dec 28, 2016 06:11PM UTC
  • Monitor new issues and create issues based on them

    Hello, I am attempting to write my first burp extension in Python, but I found myself stuck at adding issues to the list of findings. Basically, my code is monitoring for new issues within newScanIssue(self, issue) in the BurpExtender() class, and performing some task based on the issue type, etc. This is working fine and the core function is implemented, however results are printed to the c...

    1 Agent Answer    0 Community Answer
    Dec 22, 2016 02:25PM UTC