Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Log for Extension tool (an interaction between ext tool and burpsuite)

Vinay | Last updated: Oct 31, 2017 10:06PM UTC

We are running into a unique issue where Burpsuite is reporting no issue (which is not expected - knowing our AUT), and to troubleshoot further is it possible to see details logs between Burp extender tool and Burpsuite? I enabled logging under Project options --> Misc for "Extender": Request and Responses, however not seeing anything reported in this log. I have tried Custom Logger as well, to see interaction between our extender (Parasoft SOAtest Burpsuite) but all I see the logging from "Scanner" tool. Thanks, Vinay

PortSwigger Agent | Last updated: Nov 01, 2017 09:03AM UTC

Hi Vinay, Thanks for your message. For this scenario, we recommend either Flow or Logger++ which are both available in the BApp store. Please let us know if you need any further assistance.

Burp User | Last updated: Nov 01, 2017 10:37PM UTC

I tried both Flow and Logger++, and they only shows "Scanner" tool. Just to clarify, our application talks Burpsuite via custom Burp Extender. Can I be able to see Burp Extender tool communication to Burpsuite tool in such log?

PortSwigger Agent | Last updated: Nov 02, 2017 09:10AM UTC

Hi Vinay, Flow lets you configure the capture source; one of the options is Extender - although this is on by default. Do you know how the extension sends HTTP requests? It must use callbacks.makeHttpRequest() for it to go through Burp. If it uses something else, like URL.openConnection() then Burp won't see the traffic. I have a feeling it does the latter. I'm not familiar with this extension; I don't think I can even download load it without a Parasoft license. You may get a more helpful response from Parasoft support. Please let us know if you need any further assistance.

Burp User | Last updated: Nov 02, 2017 04:29PM UTC

Thank you Paul for advising on this. Now it makes sense why I am not seeing logging for our extension. Thanks for your time. -Vinay

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.