Burp Extensions

  • callbacks.makeHttpRequest encode special characters to url encode

    Hi! When I am making the requests with special characters, for example <>, the request is encoded with "URL encode". How could I send the request without encoding anything? My code is as follows: for(String payload: payloads){ IHttpRequestResponse test = this.callbacks.makeHttpRequest(httpService,insertionPoint.buildRequest(helpers.stringToBytes(payload))); } The reque...

    1 Agent Answer    0 Community Answer
    Mar 21, 2018 09:04AM UTC
  • API function to check if URL is in scope?

    I have created a custom extension that takes all requests of a certain domain from the sitemap, does some magic on the insertion points and then adds the requests with custom insertion points to the active scanner. I'm having a problem with ensuring that I only add requests that are in scope. Is there an API function that can be called to check if a URL is in scope?

    1 Agent Answer    0 Community Answer
    Mar 13, 2018 09:55AM UTC
  • How is PHP Object Injection reported by Burp extension "PHP Object Injection Check"?

    While scanning the XVWA (Xtreme Vulnerable Web Application) containing the vulnerability PHP Object Injection, i.e. Insecure Deserialization, the Burp extension "PHP Object Injection Check" doesn't report it with the same name. Burp inserting the payload PDO object also means the plug-in is working, but the vulnerability is not getting reported. If there are any prerequisites for using this plugi...

    1 Agent Answer    0 Community Answer
    Mar 01, 2018 08:38AM UTC
  • How to deploy an extension

    Any guides out there on getting started writing extensions? I've found sample extensions and I can build them with IntelliJ, but I'm not familiar enough with Java to create the jar file. Thanks

    1 Agent Answer    0 Community Answer
    Feb 26, 2018 06:50PM UTC
  • Replicator: Not Able to Edit 'Grep Expression' field

    Hi Burp, I have installed the Replicator extension and can send requests to it. However, when creating a replicator file as a tester, I am not able to edit the 'Grep Expression' field or add/select any expression to it. Do I need to make any changes prior to editing the field? Please note I can run the 'Test' and use other buttons (except Save) at this moment. However, i...

    1 Agent Answer    0 Community Answer
    Feb 15, 2018 08:30AM UTC
  • BURP WS-Security SOAP Webservices security testing

    I see the raw request with junk data for one of the operations in Wsdler. I added the Send to Intruder for the request in the Wsdler operation and when I navigate to Intruder, I encounter an error. Can you please suggest how I can add the keystore to make the encryption and decryption successful and how to verify the security of the web services?

    1 Agent Answer    0 Community Answer
    Jan 24, 2018 07:43PM UTC
  • API proxy show as edited request

    Using the "processHttpMessage" method I'm able to edit a request. How can I make this changed request show up in the proxy as an edited request (just like when a request is edited with proxy intercept)?

    1 Agent Answer    0 Community Answer
    Jan 23, 2018 10:58AM UTC
  • CWE field in IScanIssue

    I've noticed that XML exports of scan issues now include a <vulnerabilityClassifications> field that contains CWE information: <vulnerabilityClassifications><![CDATA[<ul> <li><a href="https://cwe.mitre.org/data/definitions/200.html">CWE-200: Information Exposure</a></li> </ul>]]></vulnerabilityClassifications> Noth...

    1 Agent Answer    0 Community Answer
    Jan 12, 2018 09:31PM UTC
  • TLS 1.2

    Hi All, that's my first post on the Burp forum! :) I'm here for a noble cause I guess: trying to give TLS 1.2 support to the glorious (and mistreated) Windows XP. It seems in fact the only way to do that is to configure the system proxy, and Burp Proxy seems very good at that... ;) Unfortunately there is a problem: it all works only when HTTP/S Responses come within seconds. If the Response d...

    2 Agent Answers    2 Community Answers
    Jan 08, 2018 08:27PM UTC
  • Burpsuite Pro v1.7.30

    BApp Store - Attack Selector extension - Description has a misspelling: "Qiuick scan"

    1 Agent Answer    0 Community Answer
    Jan 02, 2018 02:49PM UTC