Burp Extensions

Make a new post

  • Python extension import package error

    Hello, I've run into an application that AES encrypts the body of HTTP requests and responses, I am writing an extension to decrypt and encrypt the payloads. I am writing the extension in Python and I receive an error when importing pycryptodome's AES module. I have moved AES.py into /usr/local/lib/python2.7/site-packages/ as the Crypto.Cipher.AES module is not recognized otherwis...

    1 Agent Answer    0 Community Answer
    Jul 11, 2019 09:48PM UTC
  • Request interception

    Hi there, I'm aware that if you register a IHttpListener you are able to intercept requests before they are sent out. Is it also possible to intercept a request prior to assigning it a tool, for example, the scanner? The purpose is to exclude certain parameters from the initial request, send the result of that to the scanner and as soon the scanner is done; the initial parameters are ad...

    1 Agent Answer    1 Community Answer
    Jul 05, 2019 01:11PM UTC
  • IMessageEditorTab check Tool

    I'm trying to create a simple jython extension to run a regex against the HTTP response and extract key fields into a new IMessageEditorTab. Is there anyway in IMessageEditorTab.isEnabled or IMessageEditorTabFactory.createNewInstance to check which Tool you're in? I only want the tab created in Repeater (and ideally with a different regex per tab). On a big project it's killing burp...

    1 Agent Answer    0 Community Answer
    Jul 02, 2019 11:46AM UTC
  • Session dies while scanning

    Guys, I have this very general problem. I did a search across the google, but did not find a proper solution. This is what I have done: I have created a session validation under Projects->Sessions Under that, I have a macro, which checks if the session is invalidated, if yes, it would re-execute the requests, which will create a new session So far good. Now, when I do a scan from t...

    1 Agent Answer    0 Community Answer
    Jun 27, 2019 12:34PM UTC
  • System.exit() kills Burp

    I'm building an extension that will call a Java command line program from within Burp (by calling the main() method). Unfortunately, when the command line tool finishes, it calls System.exit(0); which doesn't just kill the CLI, it also kills Burp entirely. Is there a way to prevent this in Burp? As a side question, when extensions are submitted to the BApp Store do you check for thin...

    1 Agent Answer    0 Community Answer
    Jun 25, 2019 09:38PM UTC
  • Unable to edit the content headers

    What is wrong in the below code ? I do not see the request getting edited as I don't find the 'Edited Request' tab at all: package burp; import java.io.PrintWriter; import java.util.List; public class BurpExtender implements IBurpExtender, IHttpListener, IProxyListener { // // implement IBurpExtender // private IExtensionHelpers helpers; PrintWri...

    1 Agent Answer    1 Community Answer
    Jun 25, 2019 01:14PM UTC
  • Output in the UI

    This is my code: package burp; import java.io.PrintWriter; import java.util.List; public class BurpExtender implements IBurpExtender, IHttpListener, IProxyListener { // // implement IBurpExtender // private IExtensionHelpers helpers; PrintWriter stdout; @Override public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) { s...

    1 Agent Answer    0 Community Answer
    Jun 25, 2019 01:10PM UTC
  • Burp Fails to add Jython.jar

    I downloaded and installed Jython-2.7.0 following the link provided by Burp. I try to add this one to Burp and facing the error message: java.lang.ClassNotFoundException: burp.BurpExtender at java.base/java.net.URLClassLoader.findClass(URLClassLoader.java:471) at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:588) at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java...

    1 Agent Answer    1 Community Answer
    Jun 25, 2019 09:01AM UTC
  • Sending an unmodified and a modified HTTP request

    I am trying to write an extension that when the user makes a request the extension will send two requests, an unmodified request so that the browser will load normally and one where a parameter is added at the end of the URL to test the website's response. I have been able to either make the website load but the parameter not being added consistently (sometimes added correctly, sometimes not ...

    1 Agent Answer    0 Community Answer
    Jun 24, 2019 05:20PM UTC
  • BURP CI Driver

    hi, i downloaded Burp CI driver that provides a command-line interface for use by any CI platform. but not able to execute any commands using the jar file also could not find any source in google. could any one suggest on this.

    1 Agent Answer    0 Community Answer
    Jun 13, 2019 01:57PM UTC