Getting Started with Burp Suite
Burp Suite Documentation
Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.
| Burp Suite Professional and Community editions | Burp Suite Enterprise Edition |
| Burp Scanner | Burp Collaborator |
| Burp Infiltrator | Full Documentation Contents |
Burp Extender
Burp Extender lets you extend the functionality of Burp Suite in numerous ways.
Extensions can be written in Java, Python or Ruby.
| API documentation | Writing your first Burp Suite extension |
| Sample extensions | View community discussions about Extensibility |
Burp Extensions
Make a new post
-
Accessing marker indexes from Intruder Payload
Hello Support, I am trying to grab the indexes from a user created Intruder payload but it doesn't seem like it is possible within the APIs. If I already have markers I can apply them to a IHttpRequestResponse object with applyMarkers() but I need to do the reverse. Is there a way to get this information?
1 Agent Answer 0 Community AnswerAug 14, 2019 08:02PM UTC -
Serializing IScanIssues
Hello Support Team, So I have created an implementation of IScanIssue but I am getting errors when trying to JSON encode the class like this: "java.lang.IllegalArgumentException: jdk.internal.ref.PhantomCleanable<?> declares multiple JSON fields named next" Here is my class: package teamExtension; import burp.IHttpRequestResponse; import burp.IHttpService; import b...
1 Agent Answer 0 Community AnswerAug 14, 2019 07:45PM UTC -
Error "Request was dropped by the user" in Custom tab while using Burp extender
Hi, I am new to building burp plugin, I have implemented a message editor, but when I toggle the interceptor on and off, I get an error in the text editor itself: Error: "le>Burp Suite Professional</title> <style type="text/css"> body { background: #dedede; font-family: Arial, sans-serif; color: #404042; -webkit-font-smoothing: antialiased; } #container { paddi...
1 Agent Answer 1 Community AnswerAug 13, 2019 03:50PM UTC -
Failed to load Python interpreter from Jython JAR file
Hello Dear, I am facing an error. I am not able to add my extension in Burp. I am getting the follow error: java.lang.Exception: Failed to load Python interpreter from Jython JAR file at burp.a3t.<init>(Unknown Source) at burp.gcg.a(Unknown Source) at burp.ao3.lambda$panelLoaded$0(Unknown Source) at java.lang.Thread.run(Unknown Source) Please help me out. Thank&#x...
1 Agent Answer 0 Community AnswerAug 12, 2019 07:43PM UTC -
How to set active scanner insertion points
I'm trying to set custom insertion points for the header,query param and body parameters. Currently I'm using active scan method by passing manually caluculated offsetlist. LegacyBurpExtender.getInstance().getCallbacks().doActiveScan(host,80, false, buildRequest,offSetList); Is there any method to registerinsertion point in the payload and submit active scan?
1 Agent Answer 0 Community AnswerAug 09, 2019 05:32PM UTC -
buildParameter not working
I built the HttpRequest using buildHttpMessage method and trying to add Cookie and Body param using LegacyBurpExtender.getInstance().getHelpers().buildParameter and addParameter and updateParameter methods and it is not working. Below is the code snippet, buildRequest = helpers.buildHttpMessage(headers,bodyObject.toString().getBytes()); IParameter testParam = helpers.buildParameter("test&qu...
1 Agent Answer 0 Community AnswerAug 08, 2019 08:46PM UTC -
Carbonator scans not accurate
I just downloaded Carbonator extender through bapp and have use the command ./burpscan.sh http 127.0.0.1 80 /DVWA/vulnerabilities/ This launched burp UI and I checked that the scan does not detect SQL Injection, XSS or any other vulnerabilities. But when I use the manual way of proxy and sending it to active scanner it was able to detect those vulnerabilities. Is there any way in fixing this is...
1 Agent Answer 1 Community AnswerAug 02, 2019 04:34AM UTC -
Persist IBurpCollaboratorClientContext
Hi, is there a way to persist IBurpCollaboratorClientContext object? When I reload my extension and get IBurpCollaboratorClientContext with callbacks.createBurpCollaboratorClientContext method it still fetches interactions made with payloads generated before extension reload. But when I exit burp and run it again, interactions from previous payloads are not fetched. Is it possible to get them ...
3 Agent Answers 3 Community AnswersJul 25, 2019 03:41PM UTC -
Testing environment
Hi, I'm developing an extension and by this time got annoyed of development process where I need to restart extension to see the changes applied. Is there any way I could set up a testing environment where I could import burp classes/interfaces and test on them. Of particular interest is methods of IExtensionHelpers with analyze methods and different methods that modify request/response? I...
1 Agent Answer 0 Community AnswerJul 20, 2019 03:26PM UTC -
Python extension import package error
Hello, I've run into an application that AES encrypts the body of HTTP requests and responses, I am writing an extension to decrypt and encrypt the payloads. I am writing the extension in Python and I receive an error when importing pycryptodome's AES module. I have moved AES.py into /usr/local/lib/python2.7/site-packages/ as the Crypto.Cipher.AES module is not recognized otherwis...
1 Agent Answer 0 Community AnswerJul 11, 2019 09:48PM UTC