Burp Extensions

Make a new post

  • Extension which scans a predined list of urls

    Is there a current extension which will take a predefined list of URL's and scan them? I was writing my own extension and I was able to use sendToSpider(url) method to add my URL to the spider but I wanted to know if there a way where instead of sending this URL to the burp spider I can directly send it to the scanner i.e. tell burp to do a scan on this URL.

    1 Community Answer
    Feb 09, 2015 11:21PM UTC
  • Need more info on GUI controls, configuration storing and parameters' parsing for my Burp exten...

    Greetings. I'm trying to compose my first Burp extension, and stumbled upon some problems I haven't been able to resolve with google's help. I have to mention that I'm not so skillfull programmer, also, so I'm in search for simplest solution possible to complete the task (this extension is actually a meaningfull project, I need it asap to do my daily work). I use python a...

    2 Agent Answers    1 Community Answer
    Jan 25, 2015 11:10AM UTC
  • Directory guessing extension for the Scanner

    Is there any way to augment the scanner's capabilities to search through a list of directories that I specify? I know how to do this in intruder, but I want to be able to have this trigger automatically during a Burp Suite Scan. I looked at the 'insertion points' extension demo, but that just modifies a post parameter, whereas I want to modify the URL. Thanks in advance for...

    3 Agent Answers    4 Community Answers
    Jan 16, 2015 11:30PM UTC
  • Additional Scanner Checks Extension

    What is the context in which the Additional Scanner Checks extension decides whether or not a header needs the following properties. strict-transport-security x-content-type-options: no sniff X-XSS-protection Some sites I scan will come back with these findings and some will not. I have not noticed any distinguishable pattern of the sites that come back with these findings. (i.e) logon pag...

    1 Agent Answer    0 Community Answer
    Nov 28, 2014 12:05PM UTC
  • Extension bugs

    Hi, Any tips for identifying extensions failing to meet Burp's level of quality? Right now I have java consuming all available CPU and looks like it's not going to recover. Considering how much extra work a crashed burp and losing results costs time for a busy consultant, the unofficial extensions do not justify the costs.. Is it possible for Burp to prevent an extension from...

    1 Agent Answer    0 Community Answer
    Nov 28, 2014 11:57AM UTC
  • Load an extension headless

    Hi, I'm trying to build an easy scanner server, and need to configure Burp to scan in headless mode. As we don't have a graphical interface installed on this server, I have to do all things headless. I would like to load the carbonator BApp in the installation on my Debian 7.6 machine, but have no clue how to do this? I have copied the folder from my Kali box, and activated the ...

    4 Agent Answers    4 Community Answers
    Nov 28, 2014 11:35AM UTC