Burp Extensions

Make a new post

  • Outdated extensions and open pull requests

    Hello, some extensions (like "Add Custom Header") don't have their latest version available in the BAppStore, and that lasts for a few months (and I hate having to maintain private versions) First, I wonder how the process used to update existing extensions works. AFAIK, it isn't explicitly documented. In a previous ticket, I was told that it "is the responsibility o...

    2 Agent Answers    1 Community Answer
    Jan 15, 2020 06:28PM UTC
  • Failed to update Bapp List

    Hi, My burp store list fails to be updated. I am using my employer's proxy settings and it may create some conflicts OR block some traffic. Do you have any work around this problem? Do you know how I can investigate and identify more precisely the issue? Thank you.

    2 Agent Answers    1 Community Answer
    Jan 09, 2020 08:40AM UTC
  • Get All URLs from a Website

    Hello, I am currently writing a burp Extension. I need to get all URLs from the Website before the active Scan. How can I do this? Thanks

    1 Agent Answer    1 Community Answer
    Dec 21, 2019 11:47AM UTC
  • Pause scanner from extension

    Is there any API to pause the scanner from an extension? For example, let's say you are scanning an API with a rate limiter, and your extension can detect that you are getting close to the limit, can it pause the scanner to avoid being blocked?

    2 Agent Answers    1 Community Answer
    Dec 18, 2019 07:37AM UTC
  • Extension load error code

    os win 7 java.lang.ExceptionInInitializerError at org.python.util.PythonInterpreter.<init>(PythonInterpreter.java:100) at org.python.util.PythonInterpreter.<init>(PythonInterpreter.java:94) at org.python.util.PythonInterpreter.<init>(PythonInterpreter.java:71) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructor...

    2 Agent Answers    2 Community Answers
    Nov 27, 2019 09:12AM UTC
  • Extensions are not loading with Burp defaults

    Hi Team, I always use Burp defaults option for configurations while opening/creating projects. I have a few extensions installed such as Retire.js, TokenJar, Active Scan++, etc. What my issue is that all the extensions are getting uninstalled except Active Scan++ and Auth Matrix. I need to reinstall other extensions each time when I open existing or creating new projects. In the case of Aut...

    3 Agent Answers    2 Community Answers
    Nov 25, 2019 05:56AM UTC
  • XML tab "Reparse" Programmatically

    Hi, I would like to know how the "Reparse" button in the request/response "XML" tab reformats XML documents programmatically via Java. Specifically, I am wondering what library(s) are used for this. I am asking for the purpose of incorporating it into current and future Burp Extensions that handle XML documents. While manually reparsing documents in the XML tab is acceptable...

    2 Agent Answers    2 Community Answers
    Nov 24, 2019 08:09PM UTC
  • Burp Extension for Intruder Payload with multiple payload lists

    Hi, I am working on creating a extension for burp suite where a user can choose from a list of payload lists [one list for angular payloads, one list for react payload] according to the framework of the application he is testing. But I am only able to create one payload list per extension using this code https://github.com/PortSwigger/example-intruder-payloads Can you please let me know i...

    1 Agent Answer    0 Community Answer
    Nov 11, 2019 06:11AM UTC
  • Scan Configuration

    I am building an extension that calls doActiveScan and doPassiveScan. Is there a way to specify the scanner configuration. Currently tasks are created and there is a default scanner configuration used named Current auditing configuration. Is there a way to specify the configuration to be used by the scanner. I have tried exporting a scanner configuration and calling loadConfigFromJson but every ti...

    2 Agent Answers    1 Community Answer
    Oct 18, 2019 01:59PM UTC
  • Send to decoder programmaticaly from extensions

    There are methods in IBurpExtenderCallbacks for sending data to - repeater, - intruder, - comparer, and - spider. Why isn't there one for decoder? When writing a custom message editor with a custom editor widget, it'd be better to be able to offer sending a selected chunk to the built-in decoder instead of reimplementing it, poorly. Just like there's already void sendTo...

    2 Agent Answers    2 Community Answers
    Oct 18, 2019 09:32AM UTC