Burp Extensions

• Burp Suite Automation

  Hi All We are trying to automate to test various vulnerabilities like xpath injection,sql injection, Cross-site scripting etc. We have referred the following link https://www.we45.com/blog/automating-burp-with-jenkins We have tried through burp-rest-api as well as carbonator The issue is that we are not able to select the individual scan types (xpath injection,sql injection, Cross-sit...

  2 Agent Answers    1 Community Answer

  Oct 14, 2019 01:09PM UTC
• Old version of AutoRepeater in the BApp store

  Hello, extension AutoRepeater is available in the BApp store as version 1.0 from April, 4th 2018. The latest commit from the original repository https://github.com/nccgroup/AutoRepeater was on July 27th, 2019. Any plans to sync the BApp store with the original repository? Plenty of features are currently missing, including the ability to colorize logs. Nicolas

  1 Agent Answer    0 Community Answer

  Oct 05, 2019 01:29PM UTC
• Trouble integrating requests python library and jython

  Im currently building a burp extension using Jython. At one point I basically get URLs from the proxy Tab and make an additional request with that url+someEndpoint with the Python Requests library. The extension works fine if I use the URL that "comes" from proxy tab, something like this. requests.get(str(requestInfo.getUrl())) But when I, for example, want to get the "sour...

  1 Agent Answer    0 Community Answer

  Oct 02, 2019 01:29PM UTC
• Add Custom Headers stopped to work.

  Hi Guys! Any changes in Add Custom Headers extension? It stopped to work on Linux/Windows/1.7 and 2.X Burp versions. (:

  2 Agent Answers    2 Community Answers

  Sep 30, 2019 10:37AM UTC
• Headless burp authenticated scans

  How can I perform an authenticated scan using headless burp?

  1 Agent Answer    1 Community Answer

  Sep 25, 2019 07:08PM UTC
• CO2 extension

  Hello, may I know whether it is free to install the co2 extension in burp suite professional? thanks

  1 Agent Answer    0 Community Answer

  Sep 25, 2019 02:13AM UTC
• Can I Dynamicly Proxy a Https Request in Burp Extention?

  I am writing a random ip proxy extention to handle the problem of bloking ip when exceeding target's request rate limit.But i fount the setHttpService isn't work when the request is https.what can i do now? only open burp with proxychains-ng tool globally? it's not convenient.

  1 Agent Answer    0 Community Answer

  Sep 22, 2019 03:15PM UTC
• Making a custom extender interface

  Hi to all! Im currently creating a burp extension and I was wondering if there was any way to make an interface for it (Not just print things into the extender console). I read something about some drag and drop feature for creating custom interfaces for extensions but I have not been able to find anything official about it. Does this feature exists and, if it does not, is it possible to eas...

  1 Agent Answer    0 Community Answer

  Sep 19, 2019 04:35PM UTC
• Packing/Unpacking custom POST data format for Active Scans

  I'm trying to write an extension to test a mobile API endpoint that uses a homebrew message level encryption format. Basically there is a pre-shared AES key between the mobile app and the server, and the JSON POST data gets AES encrypted before the request is sent. I want to transparently decrypt and re-encrypt this data so the active scanner can inject into the encrypted payload. Is this fea...

  1 Agent Answer    0 Community Answer

  Sep 18, 2019 09:57PM UTC
• trigger an active scanning programatically

  Dear burp team, From an extension I would like to firstly do an passive scanning. Once the application was scanned then I would like programatically for each (passive) request to do an active scanning. The goal of all this is that Burp is used by tests; so all the passive scanning requests are triggered by automatic tests. When the tests are over we would like to re-run teh same HTTP request...

  2 Agent Answers    1 Community Answer

  Sep 09, 2019 03:59PM UTC