Burp Extensions

Make a new post

  • Making a custom extender interface

    Hi to all! Im currently creating a burp extension and I was wondering if there was any way to make an interface for it (Not just print things into the extender console). I read something about some drag and drop feature for creating custom interfaces for extensions but I have not been able to find anything official about it. Does this feature exists and, if it does not, is it possible to eas...

    1 Agent Answer    0 Community Answer
    Sep 19, 2019 04:35PM UTC
  • Packing/Unpacking custom POST data format for Active Scans

    I'm trying to write an extension to test a mobile API endpoint that uses a homebrew message level encryption format. Basically there is a pre-shared AES key between the mobile app and the server, and the JSON POST data gets AES encrypted before the request is sent. I want to transparently decrypt and re-encrypt this data so the active scanner can inject into the encrypted payload. Is this fea...

    1 Agent Answer    0 Community Answer
    Sep 18, 2019 09:57PM UTC
  • trigger an active scanning programatically

    Dear burp team, From an extension I would like to firstly do an passive scanning. Once the application was scanned then I would like programatically for each (passive) request to do an active scanning. The goal of all this is that Burp is used by tests; so all the passive scanning requests are triggered by automatic tests. When the tests are over we would like to re-run teh same HTTP request...

    2 Agent Answers    1 Community Answer
    Sep 09, 2019 03:59PM UTC
  • Bapps folder and non BApp store extensions

    Hey guys, I have a question on how Burp installs extensions from BApp store vs local extensions. It looks like for ones installed from the store, Burp stores them under the bapps folder. However for locally sourced ones, it has a zip file in the temp directory. Why's is like this? I'm asking this because, I need to package a Burp extension which has the UI in Java but uses Python/J...

    2 Agent Answers    1 Community Answer
    Sep 02, 2019 11:05PM UTC
  • how can I add the resulting of this a burp plugin to the sitemap?

    Hi I made a burp plugin to convert get to post and post to get and it is working when I am scanning the web app but how can I add the resulting of this plugin to the sitemap? this is my burp plugin: https://github.com/mohammed-sec2010/plugin

    1 Agent Answer    0 Community Answer
    Aug 27, 2019 08:51AM UTC
  • Burp Extensions Distribution

    Hello, Can you please help with the question at https://support.portswigger.net/customer/en/portal/questions/17629848-packaging-burp-extensions?new=17629848? Not sure if it's not answered as there is a reply post which might count as an answer?

    1 Agent Answer    0 Community Answer
    Aug 27, 2019 12:17AM UTC
  • Packaging Burp Extensions

    How are we supposed to package extensions that require both Java and Jython? I've an extension which uses 2 python projects and those 2 use python modules like six. How should I package it for distribution?

    2 Agent Answers    1 Community Answer
    Aug 25, 2019 02:18AM UTC
  • How to integrate Scan Check Builder integration with Burp Extension API

    How to integrate Scan Check Builder integration with Burp Extension API? I'm able to submit active scans by selecting profile manually through tool. But I want to integrate Scan Check builder with Burp Extender API to submit scans through API. Can you explain the steps on how to do? I'm able to pass multiple insertion points and perform active scan through api using LegacyBurpExtende...

    1 Agent Answer    0 Community Answer
    Aug 22, 2019 10:41PM UTC
  • Accessing marker indexes from Intruder Payload

    Hello Support, I am trying to grab the indexes from a user created Intruder payload but it doesn't seem like it is possible within the APIs. If I already have markers I can apply them to a IHttpRequestResponse object with applyMarkers() but I need to do the reverse. Is there a way to get this information?

    2 Agent Answers    1 Community Answer
    Aug 14, 2019 08:02PM UTC
  • Serializing IScanIssues

    Hello Support Team, So I have created an implementation of IScanIssue but I am getting errors when trying to JSON encode the class like this: "java.lang.IllegalArgumentException: jdk.internal.ref.PhantomCleanable<?> declares multiple JSON fields named next" Here is my class: package teamExtension; import burp.IHttpRequestResponse; import burp.IHttpService; import b...

    2 Agent Answers    1 Community Answer
    Aug 14, 2019 07:45PM UTC