Burp Suite User Forum


Monitor new issues and create issues based on them

Charles | Last updated: Dec 22, 2016 02:25PM UTC

Hello, I am attempting to write my first Burp extension in Python, but I found myself stuck at adding issues to the list of findings.

Basically, my code is monitoring for new issues within newScanIssue(self, issue) in the BurpExtender() class, and performing some task based on the issue type, etc. This is working fine and the core function is implemented, however results are printed to the console, which is not ideal. What I would like to do is create a new issue to the list of findings in Burp.

So I have put this within newScanIssue(self, issue):

    new_issue = ScanIssue(issue.getHttpMessages()[0], self._callbacks, anotherString1, anotherString2)

And then calling addScanIssue():

    self._callbacks.addScanIssue(new_issue)

The ScanIssue() class contains standard info including a couple of strings I'm trying to pass on, i.e. https://pastebin.com/NtRD81Rs

But I get these kinds of errors:

    java.lang.RuntimeException: org.python.core.PyException
    at burp.qyb.a(Unknown Source)
    at burp.f1.addScanIssue(Unknown Source)

Researching online and on this forum, this may mean there is a problem with the request/response messages, but I can't figure out how to fix it. I've tried so many possible variants but I always end up at the same error.

So my question is, is there an easy way to make this work? Should I go with a different approach? Is there example code for this exact scenario I can have a look at? Grabbing the details of a specific type of issue is important for this extension to work.

I hope this makes sense. Any help would be greatly appreciated. Thanks.

PortSwigger Agent | Last updated: Dec 23, 2016 09:16AM UTC

Have a look at the source code for another extension that creates custom scan issues, for example:

https://github.com/PortSwigger/backslash-powered-scanner

This will give you some sample code to work from for registering custom issues.
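The scenario from the question, as an added example that is not part of the original thread and is not taken from the linked extension: a Jython extension for Burp's legacy Extender API that listens for scanner issues and registers a derived issue implementing every IScanIssue getter. The names DerivedIssue, DERIVED_NAME and derive() are hypothetical, and the stand-in interface classes exist only so the logic can be exercised outside Burp.

```python
# Jython 2.7 extension for Burp's legacy Extender API; also importable outside Burp.
try:
    from burp import IBurpExtender, IScannerListener, IScanIssue
except ImportError:  # outside Burp: constructed stand-ins, assumptions for offline testing
    class IBurpExtender(object): pass
    class IScannerListener(object): pass
    class IScanIssue(object): pass

DERIVED_NAME = "Follow-up finding (example)"  # hypothetical issue name


class DerivedIssue(IScanIssue):
    """Burp calls these getters through the Java interface, so all of them are defined."""
    def __init__(self, source, detail):
        # Reuse objects from the issue Burp reported so they keep the types Burp expects.
        self._service = source.getHttpService()
        self._url = source.getUrl()                # java.net.URL inside Burp, not a str
        self._messages = source.getHttpMessages()  # the whole array, not one element
        self._detail = detail
    def getUrl(self): return self._url
    def getIssueName(self): return DERIVED_NAME
    def getIssueType(self): return 0x08000000      # Burp's "Extension generated issue" type
    def getSeverity(self): return "Information"    # High/Medium/Low/Information/False positive
    def getConfidence(self): return "Tentative"    # Certain/Firm/Tentative
    def getIssueBackground(self): return None
    def getRemediationBackground(self): return None
    def getIssueDetail(self): return self._detail
    def getRemediationDetail(self): return None
    def getHttpMessages(self): return self._messages
    def getHttpService(self): return self._service


class BurpExtender(IBurpExtender, IScannerListener):
    def registerExtenderCallbacks(self, callbacks):
        self._callbacks = callbacks
        callbacks.setExtensionName("Issue monitor (example)")
        callbacks.registerScannerListener(self)

    def derive(self, issue):
        # Skip issues this extension created, so a notification for them cannot loop.
        if issue.getIssueName() == DERIVED_NAME:
            return None
        return DerivedIssue(issue, "Derived from: " + issue.getIssueName())

    def newScanIssue(self, issue):
        derived = self.derive(issue)
        if derived is not None:
            self._callbacks.addScanIssue(derived)
```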
