Burp Extensions

Make a new post

  • Manual Install of Burp Extension

    Hi, I hope I didn't miss it anywhere on the website, but I couldn't find how to install a local Jython extension in Burp through the Manual Install-button in the BApp Store tab. The extension runs fine in Extender->Extensions, and then add it there. The reason I'd like to install it, is because the paths that I need for specifying are different ones for different extensions. A...

    4 Agent Answers    3 Community Answers
    Dec 11, 2015 11:25AM UTC
  • NotImplementedError with latest Jython release

    The following change for the latest Jython release might break some UI-centric extensions: "Abstract methods of an inherited class or interface from Java now raise NotImplementedError, instead of returning None (in Java, null) or some "zero", if they are not implemented in the extending Python class." source: http://www.jython.org/latest.html As described, if your Burp e...

    0 Community Answer
    Dec 10, 2015 07:37PM UTC
  • IRequestInfo getHeaders

    Why does the getHeaders method return a list<String> instead of a HashMap<String,String>. I think that everyone using getHeaders is now doing extra parsing on the list of strings since the normal usage would be something like this: headers = info.getHeaders(); String content-length = headers.get("content-length"): The List<String> is really unpractical and I am c...

    3 Agent Answers    4 Community Answers
    Dec 03, 2015 03:08PM UTC
  • IExtensionHelpers.makeHttpRequest() with cookies

    It appears that IExtensionHelpers.makeHttpRequest(URL) does not include session cookies in the resulting request. How can I construct a GET request that includes the session cookies? Is there a helper method to get all the appropriate cookies for a particular domain/path?

    2 Agent Answers    2 Community Answers
    Nov 20, 2015 09:44AM UTC
  • Scanner vs processHttpMessage (python)

    Dear All, I have the following processHttpMessage() function to modify the scanner requests and check SQLi: def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo): # only process requests if messageIsRequest and toolFlag == callbacks.TOOL_SCANNER: if self._helpers.analyzeRequest(messageInfo.getRequest()).getMethod() == 'GET': method = IPara...

    1 Community Answer
    Nov 17, 2015 08:54AM UTC
  • Jython Error for Burp Extension

    Hey, I am trying to configure the jython api for Burp Suite and I am getting the following error. Does anyone know what I can do to fix this? root@osboxes:~/jython-burp-api# java -jar jython.jar -Dpython.path=Lib/ run.py -B burp.jar -i -d -v 2015-11-13 00:13:24,298 - BurpExtender - ERROR - Could not load console tab Traceback (most recent call last): File "/root/jython-burp-api/Lib/bu...

    1 Agent Answer    0 Community Answer
    Nov 13, 2015 05:40AM UTC
  • getComment() not returning comment

    Hey, I've wanted to read the comment of a request/response object. I'm using Jython and Java8. It's an implementation of a passive scanner, and the way I wanted to access: self._requestResponse.getComment() If I print the result it is always a None value, despite having set a comment on that particular RR. Tried it with putting the comment on the RR in the Proxy tab as well...

    1 Agent Answer    2 Community Answers
    Nov 04, 2015 11:39AM UTC
  • Extender API broken link

    Hi, the extender page (https://portswigger.net/burp/extender/) has a link to a 2012 post titled "Writing your first Burp Suite extension" at http://blog.portswigger.net/2012/12/writing-your-first-burp-extension.html which has a link with the text "Download the Burp Extender interface files" but that points to https://portswigger.net/burp/extender/api/burp_extender_api.zip whic...

    1 Agent Answer    0 Community Answer
    Oct 20, 2015 08:03AM UTC
  • Intruder view original payload in the results

    Hello! How can i do to view original payload in the results table intruder, before Processing payload rules. I try to do this: [code="python"] def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo): if not messageIsRequest and self._callbacks.TOOL_INTRUDER == toolFlag: messageInfo.setComment("original payload") [/code] But comment ...

    2 Agent Answers    2 Community Answers
    Oct 02, 2015 01:22PM UTC
  • makeHttpRequest is very slow

    Hi all, I'm writing an extension that aims at sending many requests from multiple sessions of different users. Currently, I'm using callbacks.makeHttpRequest(...) to send requests but that method takes a very long time to finish. My server is local and pretty fast, so communication does't take that much of time. Is there any faster way to replace that method? I'm thinki...

    3 Agent Answers    3 Community Answers
    Sep 15, 2015 02:03PM UTC