Burp Extensions

Make a new post

  • Burp 2.x: Create authenticated crawl from extension

    Hi Portswigger Support! I'm interested in using an extension (in headless mode) to spawn an authenticated crawl while using the 2.x versions of Burp Suite Professional. In the 1.x versions, I would have done this by saving credentials to the project options, loading the options on startup, and then calling sendToSpider() [https://portswigger.net/burp/extender/api/burp/IBurpExtenderCallb...

    1 Agent Answer    0 Community Answer
    Feb 22, 2019 10:46PM UTC
  • SAML Raider "failureInInitialization" with BurpSuite 2.0.16 beta

    Normally, the SAML Raider extension will populate a SAML Raider tab when you select a SAML request in the HTTP History. Now, instead of populating the tab, it simply says "failureInInitialization". Awesome. I'd attach a screenshot, but I don't see a way to do that. Not sure if this is related to upgrading to the most recent beta version (I suspect it is - it worked fine b...

    1 Agent Answer    0 Community Answer
    Feb 19, 2019 03:17PM UTC
  • Extender Not Displaying Plugins / Can't Refresh

    I am behind a corporate proxy environment using Ubuntu. Using the corporate proxy settings I am able to use Firefox to view websites as expected so Burpsuite should be able to display the BApp Store list under the Extender tab. The list is empty and the Refresh button is grayed out. What do you recommend? Thanks

    1 Agent Answer    0 Community Answer
    Feb 08, 2019 10:24PM UTC
  • when I install a python extender(burpsmartbuster), it points out that "failed to load bapp"...

    I have already install jython.jar file(2.7,the file has been selected in options) and python(but i have two versions of python and both of them is system variables) the error messages is here: java.lang.IllegalArgumentException: Cannot create PyString with non-byte value at org.python.core.PyString.<init>(PyString.java:64) at org.python.core.PyString.<init>(PyString.java:70) at...

    6 Agent Answers    6 Community Answers
    Jan 28, 2019 04:38AM UTC
  • Burp scanner insertion point custom encoding

    I'm trying to create an extension for scanner to specify multiple insertion points and also do some custom encoding on the payload from scanner. I'm attempting to use the following example along with the documentation to achieve this: https://github.com/PortSwigger/example-custom-scan-insertion-points/blob/master/java/BurpExtender.java I don't exactly want to change the positi...

    3 Agent Answers    2 Community Answers
    Jan 25, 2019 10:32PM UTC
  • SQLiPy fails to load after upgrade to v2.0.14beta

    After upgrading to BurpSuite v2.0.13beta the SQLiPY extension fails to load with the following error: ImportError: signal module requires sun.misc.Signal, which is not available on this platform After rolling back to v2.0.13beta SQLiPY extension is able to be loaded again.

    1 Agent Answer    4 Community Answers
    Jan 24, 2019 01:39AM UTC
  • Handle IInterceptedProxyMessage BEFORE it's sent to the server?

    This is my first attempt at writing an extension. I would like to intercept certain requests, inspect them, and handle SOME of them BEFORE they are sent to the remote server. In other words, for certain requests, I would like to handle the response entirely in my own code, and have my browser think that the response came from the remote server. I have modified some of the Python example extensi...

    1 Agent Answer    2 Community Answers
    Jan 22, 2019 11:46PM UTC
  • Scope manipulation API

    Methods IBurpExtenderCallbacks.{includeIn,excludeFrom}Scope make it possible to add/remove a specific URL to/from the scope. Is there a way to use these or any other API call to perform actions like those available on the GUI, such as specifying regular expressions for the path, ignoring the protocol and/or port, etc.?

    1 Agent Answer    1 Community Answer
    Jan 22, 2019 08:45AM UTC
  • Access command line through Burp extension

    As per the subject, I was wondering if it is possible to access the command line (either windows or linux) through a Burp extension.

    1 Agent Answer    0 Community Answer
    Jan 08, 2019 09:02PM UTC
  • คุณได้ชำระเงินจำนวน $399.00 USD ให้ PortSwigger Ltd (mail@portswigger.net)

    08 ม.ค. 2019 01:09:36 GMT+07:00 ID การทำรายการ: 9FC40466TM976523J สวัสดีค่ะ คุณ ayut intasut คุณได้ชำระเงินจำนวน $399.00 USD ให้ PortSwigger Ltd (mail@portswigger.net) คุณอาจต้องรอสักครู่เพื่อให้การทำรายการนี้ปรากฏขึ้นในบัญชีของคุณ ผู้ค้า PortSwigger Ltd mail@portswigger.net คำแนะนำถึงผู้ค้า คุณไม่ได้ป้อนคำแนะนำใดๆ รายละเอียด: ราคาต่อหน่วย ปริมาณ จำนวนเงิน Burp S...

    1 Agent Answer    0 Community Answer
    Jan 08, 2019 06:29AM UTC