Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Burp Extensions

Make a new post

  • byte[] to IHttpRequestResponse

    Hello, I have two byte arrays with a HTTP request and response, and I would like to create a IHttpRequestResponse containing them both, I have been trying to do it with no success, could someone help me please? Thank you

    1 Agent Answer    1 Community Answer
    Nov 16, 2016 02:02PM UTC
  • Burp Extension: Get Focus on Tab after Custom Menu Action

    I've written a Burp Extension to add functionality. Everything works great, but I'm having one very stupid issue. When a user Right-Clicks on a Request/Response the context menu allows them to send these requests to my extension. For the life-of-me, I can't seem to get the Focus to follow the click, so my custom tab is opened up after data is sent to it. Theoretically, it s...

    1 Agent Answer    3 Community Answers
    Nov 16, 2016 03:51AM UTC
  • Saving Settings with Multiple Extensions

    When I save settings for an extension I use the callbacks like this: mCallbacks.saveExtensionSetting("SOME_NAME", "SOME_VALUE"); But is the saveExtensionSetting method aware of which extension saved it? If I create a different extension that saves a setting using the exact same name does that risk overwriting the first one?

    1 Agent Answer    0 Community Answer
    Nov 15, 2016 09:32PM UTC
  • updateCookieJar: Domain cannot be null

    I have written an extension that submits a login, reads a cookie in the response, and adds it to the cookie jar. The cookie in the response does not include a domain attribute. Set-Cookie: token=znNMQ6l4WvwAQDdmu1rIMxWHiC84Hy4YJ4B1vgQ05oPPuKh-SxG3g_DjhfRbgaTDqMCmAFnUQ9_3M; Path=/; Expires=Wed, 16 Nov 2016 00:16:39 GMT; HttpOnly; Secure I get the cookie as an ICookie from the response: I...

    1 Agent Answer    1 Community Answer
    Nov 15, 2016 12:40AM UTC
  • Add a relative url to a scoped domain

    I'm trying to dynamically add relative URLs to a scoped domain using the addToSiteMap() method via the python api and am having a lot of trouble. addToSiteMap(IHttpRequestResponse item) It requires an IHttpRequestResponse object which can be retrieved using... * getProxyHistory() * getSiteMap(java.lang.String urlPrefix) * makeHttpRequest(IHttpService httpService, byte[] request) ...

    1 Agent Answer    1 Community Answer
    Nov 03, 2016 08:36PM UTC
  • ISessionHandling - use toolflags to find out where the request comes from

    Hello, something really cool is, that the IHttpListener interface provides a method: " processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) " where you can use the toolFlag variable to find out where the request comes from (Proxy,Repeater etc.) I was wondering if I could use this (toolFlags) somehow in the peformAction()-Method? Is it p...

    2 Agent Answers    1 Community Answer
    Nov 02, 2016 01:22PM UTC
  • Macro

    Hopefully this question isn't too stupid but, is it possible to run a macro from an extension? I'm trying to set up an automation process where burp will run my extension, the extension will run a login macro and then analyze the results. Thanks

    2 Agent Answers    1 Community Answer
    Nov 01, 2016 12:25PM UTC
  • Pasting dynamic generated text into an intercepted HTTP request / response

    Hi everyone I am attempting to add a new feature to my extension. Basically I would like to add dynamic generated text (for instance plain HTML) into an intercepted HTTP request or response. Currently I am not sure what is the best (or easiest) way to achieve this. It would be nice if I am able to implement it like the following: 1. The user enables the HTTP interceptor 2. The user sele...

    1 Agent Answer    1 Community Answer
    Oct 29, 2016 02:22PM UTC
  • ISessionHandling - detect if proxy is clicked in the tools scope (programmitacally) - Java

    Hello, I would like to know, if there is a solution for detecting, if the checkmark is clicked on "Proxy (use with caution)" in the session handling rule editor (programatically) ? I am using the ISessionHandling interface to manipulate some requests and I have one method which should be only called, when the checkmark is clicked (something like isProxyActive...). I also would li...

    3 Agent Answers    3 Community Answers
    Oct 27, 2016 07:10AM UTC
  • Type is showing up as "Legacy Java" ??

    Hi, I am just starting to learn about writing extensions for Burp and am using Eclipse/Java. I have built and run my first "Hello World" extension and am wondering why Burp is showing it as "Legacy Java" on the Extender/Extensions tab. Is it because I have added the BurpSuite jar to my project by going to Project->Properties on the top toolbar, selecting "Java Build ...

    1 Agent Answer    0 Community Answer
    Oct 25, 2016 04:58PM UTC