Burp Extensions

  • Issue and question when implementing a ScannerInsertionPointProvider

    Hi, Earlier this week I implemented a ScannerInsertionPointProvider to allow the active scanner to scan the custom type of multi-value parameters used by an application I was testing. Basically some parameters contained multiple values separated by one of a few separator characters (usually a special character like ~, _, ! etc.) where each value was then handled separately by the application. T...

    1 Agent Answer    1 Community Answer
    Jul 02, 2016 03:51PM UTC
  • lack of "/" in InsertionPoint

    Hi, Burp Support Team. I am trying to write an extension to improve activeScan. But I encountered a problem. When I sent http://example.com/test to activeScan, my extension can receive insertionPoint of type 0x25(INS_URL_PATH_FILENAME) and its value is "test". But when I sent http://example.com/ to activeScan, my extension cannot receive insertionPoint of type 0x25(INS_UR...

    1 Agent Answer    0 Community Answer
    Jun 28, 2016 05:22PM UTC
  • Custom issues in Burp-report

    Hi Team, I have created an extender. Now, I want to run my extender along with active scan. What are all the steps to be followed? Request your guidance/support for the above said query. Thanks in advance. Regards, Subash.T

    1 Agent Answer    0 Community Answer
    Jun 09, 2016 07:02AM UTC
  • Building a Burp Intruder extension that generates multiple payloads for a single request.

    I'm working on a Burp Intruder extension for pen-testing our own custom API. As part of the protocol, an HMAC is generated by the client and added to the header, along with another custom header parameter. The body contains a number of JSON fields, the values of which are also used in the HMAC. I need to generate the HMAC from the JSON body and the custom header parameter for each request,...

    1 Agent Answer    0 Community Answer
    May 11, 2016 06:44AM UTC
  • Burp Extender socks5

    I want to develop an extender with Jython. The extender is a port scan. I want all the traffic to go through socks5. How do I

    1 Agent Answer    0 Community Answer
    May 11, 2016 04:53AM UTC
  • Variable Persistence

    Is there a way to persist a variable between requests in an extension? For example I want to take a parameter from one response and then in a later request use this to calculate a different parameter? The value which needs to be sent in the later request is based on the first response, but I need to do some calculations on it first so I can't just save it using a macro and replay it later.

    1 Agent Answer    1 Community Answer
    May 09, 2016 09:27PM UTC
  • Burp Extension

    I am trying to create a Burp extension which scans for particular text in the response. Now I want this text to be dynamically defined by the user. How do I do that? As in, consider search functionality as an extension which monitors all your responses and searches for the keywords you want it to search. What's the best approach here?

    1 Agent Answer    0 Community Answer
    May 09, 2016 10:07AM UTC
  • Manual Scan Issues Extension exception with Burp 1.7

    java.lang.NullPointerException at burp.BurpExtender.createMenuItems(BurpExtender.java:76) at burp.nbd.a(Unknown Source) at burp.bmc.a(Unknown Source) at burp.ofc.a(Unknown Source) at burp.ofc.a(Unknown Source) at burp.v7.a(Unknown Source) at burp.v7.mouseReleased(Unknown Source) at java.awt.AWTEventMulticaster.mouseReleased(Unknown Source) at java.awt.Component.processMouseEv...

    1 Agent Answer    0 Community Answer
    Apr 25, 2016 08:40PM UTC
  • Modify Response depending on request

    Hi, I need to write a Python extension to modify responses depending on what the actual request was. Responses coming from the server may be the same for different requests (like 400 Forbidden). I am using the IProxyListener interface, but I see that it handles requests and responses separately, i.e. (message is request OR message is not request). How can I adjust my response based on what the ...

    1 Agent Answer    0 Community Answer
    Apr 07, 2016 01:54PM UTC
  • extension - Burp-hash

    I've been using the Burp-hash extension but it's starting to be unreliable. Is anyone else getting a lot of false Issues reported with the Burp-hash extension? I get the following often and it's not even valid within itself. Issue detail: The REQUEST contains a SHA-384 hashed value that matches an observed parameter. Observed hash: 933dc2a4011e4e919771d764300888ad70d70357000000004...

    1 Agent Answer    0 Community Answer
    Apr 06, 2016 10:46PM UTC