Burp Extensions

Make a new post

  • Scanning a site with basic authorization (Burp suite enterprise Rest API)

    Hello. I want to scan sites where basic authorization is installed. What tokens can I use in building a curl request for basic authorization? curl -vgw "\n" -X POST 'http://burp.link.to.rest.api/v0.1/scan' -d '{ (???basic auth???) "scan_configurations":[{"name":"Audit checks - all except Java ....... Thank You! Regards.

    3 Agent Answers    2 Community Answers
    May 30, 2019 07:53AM UTC
  • Scan Summary Report into Jenkins

    I am currently running scans using burp enterprise from Jenkins. The scan completes and a report is available on burp enterprise server. But how do I get this report to be displayed in Jenkins?

    2 Agent Answers    1 Community Answer
    May 28, 2019 02:52PM UTC
  • ci integration with burp suite

    Hi team, Our company recently bought professional burp suite. We need to integrate the burp suite and Jenkins. I want to know how the reports will be generated and send to us, as we don't have access to Jenkins. What will be the pre-requisite for integration and report management? Thanks

    1 Agent Answer    0 Community Answer
    May 24, 2019 10:37PM UTC
  • Burp 2.0 extension-only audit

    I have a local page that I use to test for LFI attacks, when I used to run active scan against this page in Burp 1.7.37, I get the attack detected by different extensions, e.g. J2EEScan. I tried to scan the same page in Burp 2.20beta with the extension-only audit. However, I got no results and by checking the logs I don't see any of the extension packets, only maybe Active Scan++ but no J2E...

    3 Agent Answers    2 Community Answers
    May 19, 2019 07:56PM UTC
  • Issue in loading jython files to burp

    hello, I am seeing errors when I try to load burp extensions jython format, below is the error I see: java.lang.Exception: Failed to load Python interpreter from Jython JAR file at burp.cs3.<init>(Unknown Source) at burp.fii.a(Unknown Source) at burp.grb.lambda$panelLoaded$0(Unknown Source) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) a...

    1 Agent Answer    0 Community Answer
    May 11, 2019 08:46PM UTC
  • how to pass a file with URLS to SSLScanner

    Hi fellow Burp suite users, I am using the SSL Scanner extension with Burp Suite and I wander if anyone has a script that can read a list of URLs from a file and then pass one item at a time to the SSL Scanner, run the scan, save the report to file, and repeat for the next item in the list. I am a new user of BurpSuite so any help and guidance will be much appreciated. Regards Dimitris

    1 Agent Answer    0 Community Answer
    May 08, 2019 03:11PM UTC
  • What class/parameter makes the extensions be part of the scanner "Follow redirection when neces...

    Hi guys, I have an extension here and I am looking for a reflective value, although when I look at flow or logger++ the 302 is hit but never followed after the POST. Is there a special trick to have the extension follow the redirects when using IScannerCheck & doActiveScan? Thank you very much!

    2 Agent Answers    3 Community Answers
    Mar 14, 2019 07:26PM UTC
  • OpenAPI Parser

    I am not able to get the OpenAPI Parser to work. I keep getting an error message saying that "The OpenAPI specification contained in <file name> is ill formed and cannot be parsed". However, the very same file can be imported without any issue in tools like Postman. Any similar experience or suggestions? Thanks.

    2 Agent Answers    3 Community Answers
    Mar 13, 2019 03:08AM UTC
  • Auditing not calling doActiveScan(...) method via Extensibility API

    Hi folks, I am currently trying to learn the Burp Extensibility API using this example (in Java); https://github.com/PortSwigger/example-scanner-checks and getting stuck with something. With latest Beta version of Burp v2b18, is there a way to automatically spider+audit the server.js, that will display the vulnerability "Pipe Injection"? When I perform an audit I see that doPa...

    4 Agent Answers    4 Community Answers
    Mar 11, 2019 04:38PM UTC
  • Burp suite render

    Burp render

    1 Agent Answer    0 Community Answer
    Feb 23, 2019 06:37AM UTC