Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

 New Post View All

Feature Requests

 New Post View All

Burp Extensions

 New Post View All

Bug Reports

 New Post View All
Support Home
Getting Started

Getting Started with Burp Suite

Getting Started Home
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Documentation Home
Knowledge Base
Training

Burp Suite Training

Troubleshooting
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility
Burp Extender Home
BApp Store
Release Notes
Support Center Burp Extensions

Burp Extensions

Make a new post

  • BurpSuite Professional 1.7.23 hangs during extensions loading

    Hi, After upgrading my Parallels Kali 2.0 VM from BurpSuite Pro 1.7.21 to 1.7.23 I noticed that whenever I want to install and load new extension BurpSuite hangs and enters something like deadloop. I tried few things (bigger -Xmx value, Oracle Java) but nothing helped so far. It occurs on fresh installation of BurpSuite Pro 1.7.23 without any extensions and without Jython/JRuby support. Rega...

    1 Agent Answer    0 Community Answer
    Jun 05, 2017 09:36AM UTC
  • Does not having BS Professional license impact Burp Extender?

    Question is quite specific enough, but to elaborate, I basically plan on writing something to visualize the sitemap better, and in a aesthetically-pleasing fashion. So obviously the only information I need access to would be the sitemap, *unimportant: eventually converted to JS object format with a style I've already created*. Anyways, back on topic... any limitations I need to watch out for...

    1 Agent Answer    0 Community Answer
    Jun 04, 2017 08:41PM UTC
  • BLAZER

    Hi, I am testing a Flash application, I cam across AMF and Blazer extender. I would like to test AMF using Blazer, I am looking for a tutorial or some documentation for how to use Blazer. It would be great if you could help me in it.

    1 Agent Answer    0 Community Answer
    May 31, 2017 05:29PM UTC
  • "ImportError: No module named os" with Headers Analyzer extension.

    Hi, I'm running the latest Burp Suite Pro (1.7.23) on Kali Linux rolling 2017.1. After installing "Header Analyzer" extension i'm unable to start it. I get an error: #### Traceback (most recent call last): File "<string>", line 1, in <module> ImportError: No module named os at org.python.core.Py.ImportError(Py.java:304) at org.python.core...

    1 Agent Answer    1 Community Answer
    May 25, 2017 10:20AM UTC
  • Method to Pause/Unpause Scanner

    Does the API include methods for an extension to pause and unpause the scanner? I have searched the Javadocs but didn't find any. My scenario is an extension that implements ISessionHandlingAction to re-login the user when the session times out. I would like to pause the scanner while the login is happening so that it doesn't issue a bunch of requests with a stale session. Is the...

    1 Agent Answer    0 Community Answer
    May 24, 2017 07:05PM UTC
  • How do I highlight requests in a custom ITextEditor?

    I am writing a extension that adds a IMessageEditorTab to each request that displays a modified HTTP body. The base of the code is very similar to https://github.com/PortSwigger/example-custom-editor-tab/blob/master/java/BurpExtender.java. How do I get the ITextEditor to colorize the HTTP request the way it does in the raw tab?

    1 Agent Answer    0 Community Answer
    May 19, 2017 09:41AM UTC
  • SAXParser Dependency Delimma

    Hi guys, I'm in the process of writing a Burp extension in Python, and one of the dependency libraries makes use of the "xml.etree.cElementTree" module to parse XML markup. The problem is that any call to the "xml.etree.cElementTree.parse" function causes Jython to raise the following exception "java.lang.ClassNotFoundException: org.apache.xerces.parsers.SAXPars...

    4 Agent Answers    3 Community Answers
    May 19, 2017 08:02AM UTC
  • Extension for session handling not loaded

    Hi, I use Extensions together with Makros and Makro-Postprocessing Extensions (for Session Management und Relogin). Generell the concept works. From time to time (every other our) I get alerts ("Configured Burp extension session handling is not loaded: ...") To fix this, I currently reconfigure the Session handling rule to remove the extension action handler, restarts burp, add ...

    4 Agent Answers    4 Community Answers
    May 12, 2017 09:37AM UTC
  • Override final ActiveScan values to insert custom payload?

    Is there a way to override ActiveScan checks or the order of checks so a custom check is run last? I'm trying to detect a certain type of XSS attack in our application where we're using Selenium to detect if javascript actually executes or not. I'm trying to find a way to keep my custom attack in all the fields long enough to run the selenium checks. Either by putting it at the e...

    1 Agent Answer    0 Community Answer
    May 08, 2017 03:44PM UTC
  • IContextMenuInvocation - getSelectedMessage of original request / response

    Hi I have added a custom context menu item, which reads the selected text of the currently open request / response. So far so good, however in the history view of Burp, when i have three tabs, i can only differentiate between Edited Request and Response. This means if the user has the Original Request Tab open and uses the context menu, the Edited Request text is returned from ihrr.getRequest...

    2 Agent Answers    1 Community Answer
    May 05, 2017 11:42AM UTC

© 2017 PortSwigger Ltd. | Company | Blog | Careers | Legal | Contact | Follow us @Burp_Suite