Burp Extensions

Make a new post

  • [python] registered callback 'performAction' never called

    I want to use a python extension to calculate a custom header I need to read a header, url and body (in case of POST) and calc a SHA1. my code so far: https://paste.cybertinus.nl/p/u33AS8kCnT I double checked al idents the 1 tab above the line "def performAction(self, currentRequest, macroItems):" is in place in my version, not in the pastebin. ======= from burp import IBu...

    1 Community Answer
    Jun 02, 2015 05:00PM UTC
  • Adding a header with ISessionHandlingAction

    I have a super simple extension to just jack in a static header for an api authentication on a Backbone site. It doesn't work, and I don't know why. Anyone have any ideas? from burp import IBurpExtender from burp import ISessionHandlingAction from burp import IParameter class BurpExtender(IBurpExtender, ISessionHandlingAction): def registerExtenderCallbacks(self, callbacks):...

    3 Agent Answers    5 Community Answers
    May 20, 2015 02:41AM UTC
  • Design of Active Scanner plugin vs InsertionPoints

    Hi all, I'm new to extending Burp and I wanted to add an active scanner plugin for XXE injection. Therefore I want it to take all post requests, change the content type to text/html and perform some xml entity queries for existing files. Problems I face : 1. I want this plugin to send one request url that supports POST. ( no matter how many parameters ) I tried to check for INS_PA...

    1 Agent Answer    0 Community Answer
    May 15, 2015 10:52AM UTC
  • extender

    So this 'issue' has been happening to me for the last few versions of burp suite pro. right now I am running the latest .18 version. In the extender tab i have the option to automatically reload extensions on startup selected. when i start up burp suite pro later on the extensions will load but for some, (randomly) it will load multiple same extensions. (ie. it will sometimes load 3 sqli...

    2 Agent Answers    1 Community Answer
    May 12, 2015 06:40AM UTC
  • Is it possible to get the request that originated a response from a MessageEditorTab?

    Hi, Is it possible to get the request that originated a response from a MessageEditorTab? Im only adding the tab for the responses, I want to search a log file based on a request header and paste the log entry in the response message editor tab. I can see you can access the response (content) from there but not the request, is anyway to do this? My current approach is to add the reques...

    2 Agent Answers    1 Community Answer
    May 07, 2015 11:19AM UTC
  • Sqlite-jdbc and jython

    Hello, I am trying to do a Python Burp Suite extension (with jython 2.7) and I want to use sqlite to save some data. I have some code examples to use "sqlite.JDBC" working properly with "jython" through the following commands: - export CLASSPATH=/tmp/sqlite-jdbc-3.7.2.jar:$CLASSPATH - jython example.py I have a problem when I try to use this examples like Burp Suite ...

    1 Agent Answer    0 Community Answer
    Apr 23, 2015 03:45PM UTC
  • Burp extension - OS Scanner

    Just wondering if there are any type of extensions that may report OS vulnerabilities at all.

    1 Agent Answer    0 Community Answer
    Apr 21, 2015 06:13PM UTC
  • Burp plugin that does not launch Burp GUI

    We want to write a plugin that runs certain Burp functions, but does so in the background, and without launching the Burp GUI. Is there a way to suppress the GUI while executing certain functions (e.g., Scan)? Please advise. Thanks for any assistance!

    1 Agent Answer    1 Community Answer
    Apr 16, 2015 09:06PM UTC
  • Use "Extract" UI in Plugin

    Hello, Is it possible to integrate the existing Intruder "Define grep extract item" UI (or the Macro::Configure Item "Define Customer Parameter" UI) as part of an extension? I read through the API documentation but could not find a place where this might be exposed. Thanks, Jon

    1 Agent Answer    1 Community Answer
    Mar 10, 2015 02:33PM UTC
  • Parsing AMF3 - Burp

    Hi, I have a Flex app that is sending data using AMF3. I can see the contents in the AMF decode just fine. The problem now is that one of my request parameters is a Byte array. I can edit it in Raw mode, but if the length is increased/decreased by even a single byte - it messes up my request. And I can't apparently edit the Byte array contents using the AMF3 decoder - I can edit other fields...

    1 Agent Answer    1 Community Answer
    Mar 05, 2015 03:55PM UTC