No API stack nor full parameter value when using Infiltrator with a private Collaborator server
[Tested with Burp Suite Pro 1.7.19]
I instrument Jenkins 1.580.2 like that:
java -jar ${JENKINS_HOME}/infiltrator.jar --non-interactive --report-parameter-values=true --report-call-stacks=true --target-paths=/path/to/war/
If I use the public Collaborator server, everything is fine. But when I use my own Collaborator server (using a dedicated domain), I _never_ have the call stack or full parameter value (using Scanner or the manual client). Is that a known limitation of private Collaborator servers? Did I miss something when configuring my Collaborator?
Notes:
- the private Collaborator instance uses a self-signed SSL cert + the SMTPS port isn't reachable
- health check is OK, with some warnings
- I think that instrumentation is OK, because the same patched app works well with a public Collaborator
Thanks in advance!
Adding "--use-http=true" at patch time solved the problem. Adding the cert to the local keystore should have worked too (untested).