Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Load an extension headless

Paul Allen Nov 28, 2014 11:35AM UTC

Hi,

I'm trying to build an easy scanner server, and need to configure Burp to scan in headless mode. As we don't have a graphical interface installed on this server, I have to do all things headless.

I would like to load the carbonator BApp in the installation on my Debian 7.6 machine, but have no clue how to do this?

I have copied the folder from my Kali box, and activated the installation properly on the virtual Debian machine (on the same laptop where I have the Kali) but I have no idea how to load the extension into burp right now...

Can you please help me how to register an extension in headless mode, or hint me how to copy an installation with the correct settings?


Liam Tai-Hogan Nov 28, 2014 11:37AM UTC Support Center agent

Hi Paul

Thanks for your message.

Unfortunately, at present the only way to load an extension when Burp is running in headless mode is first to run Burp in non-headless mode, install the extension, ensure the Extender option “Automatically reload extensions on startup” is checked, gracefully shut down Burp, and then restart in headless mode.

A workaround would be to try to copy the relevant Burp preferences from another installation into your headless machine. The preferences are stored in the default Java preferences store, which on Linux is located in the user’s home directory.

FYI, we plan in future to support reload of an existing Burp project / state file via a command line argument, so you could create a suitable project on a non-headless machine, and then reload it on the headless machine.

Please let us know if you need any further assistance.


thec00n Sep 06, 2016 09:55AM UTC
Hi guys,

just read this post. Is there already a better way of doing this?

cheers

Liam Tai-Hogan Sep 06, 2016 11:15AM UTC Support Center agent

Hi

Thanks for your message.

You can use the —project-file command to reload an existing Burp project via a command line argument.

Have you tried creating a suitable project on a non-headless machine, and then reloading it on your headless machine?


thec00n Sep 09, 2016 09:52AM UTC
Hi there,

that is precisely what I am doing. Am creating project setting in Burp GUI, save it and import into headless session. That works fine, expect that the extensions are not captured in the project config. When I run burp in headless mode on another machine the extensions would not get loaded nor do I have the option to configure it. When I start it on the machine the extensions get loaded from the last session. Could u explain how the caching works and what makes Burp load the extensions again?

cheers

Liam Tai-Hogan Sep 09, 2016 01:39PM UTC Support Center agent

Extensions are loaded as part of Burp’s User-level options.

User-level options are stored within the local installation of Burp, and are automatically reloaded each time Burp starts.

So, to run an extension in headless mode you should first run Burp in non-headless mode, install the extension, gracefully shut down Burp, and then restart in headless mode.


thec00n Sep 09, 2016 02:37PM UTC
Hey,


hmm so to sum it up. I can save user options via the UI and can load them again. They actually startup my extensions again.

<-- snippet saved user options

"extender":{
"extensions":[
{
"errors":"ui",
"extension_file":"some.jar",
"extension_type":"java",
"loaded":true,
"name":"something",
"output":"ui"
},

-->

Now there are no command line options to import them again, only project options. Also callbacks.loadConfigFromJson(user_config) does not load them again only the project options. Guys is there no way to load the user options or do I miss something?

Liam Tai-Hogan Sep 09, 2016 03:04PM UTC Support Center agent

Yes, your summation is accurate.

We do plan to provide a command-line option to load a specific extension.

Unfortunately we cannot currently promise an ETA.


test Jun 04, 2018 10:20AM UTC
Any update on this feature?

Post Your public answer

Your name
Your email address
Answer