Burp Extensions

Make a new post

  • JRuby + Swing: Stderr doesn't go to UI until extension reload

    Burp 1.6.20, tried JRuby 1.7.12 and In registerExtenderCallbacks, I instantiate a class that creates a Swing UI for my extension's configuration. The config UI creates a DefaultTableModel to hold my config data and JButtons for adding and removing rows. The JButton add/remove actionlisteners call a method in a Ruby class that reads the table data from the config UI's Defa...

    1 Agent Answer    0 Community Answer
    Jul 06, 2015 02:19AM UTC
  • Issue with the IBurpExtenderCallbacks method removeHttpListener

    I'm trying to remove a HttpListener that I have created. I noticed in the extender javadocs that there is a method called removeHttpListener, however the method doesn't exist in the IBurpExtenderCallbacks.java interface. I'm trying to be able to toggle the listener as I do not wanted to run all traffic through the extension when it isn't necessary. Additionally all of the ot...

    1 Agent Answer    1 Community Answer
    Jun 26, 2015 01:18AM UTC
  • Python interface text control

    Hi guys, I am reading the API documentation and i have not clean the funtion that i need to use for my question. Easy question, what API funtion i have to use for control the text portion selected from any part of 'burp output' ( repeater, request, response , etc )... Similar to API used from "Send to Decoder", that u can select any text and send to decoder. I want se...

    2 Agent Answers    2 Community Answers
    Jun 24, 2015 01:04AM UTC
  • Supported Layout Managers

    I've been noticing that when I use certain layout managers in my extension the extension no longer works. It doesn't throw any errors when I'm loading it, but it never creates its tab. What layout managers are actually supported? Or is this not supposed to be happening?

    1 Agent Answer    0 Community Answer
    Jun 17, 2015 07:15PM UTC
  • Update the content of the Intruder attack window

    I would like to intercept a request after an intruder attack is started. After the intercept, I want to modify the request and send them out. At the moment I'm trying it with a httpListener, but this does not update the attack window. Additionally I observed that Burp sends 2 requests, the first one is the original Intruder request an the second is the request I modified. How could I preve...

    1 Agent Answer    0 Community Answer
    Jun 12, 2015 08:19AM UTC
  • [python] registered callback 'performAction' never called

    I want to use a python extension to calculate a custom header I need to read a header, url and body (in case of POST) and calc a SHA1. my code so far: https://paste.cybertinus.nl/p/u33AS8kCnT I double checked al idents the 1 tab above the line "def performAction(self, currentRequest, macroItems):" is in place in my version, not in the pastebin. ======= from burp import IBu...

    1 Community Answer
    Jun 02, 2015 05:00PM UTC
  • Adding a header with ISessionHandlingAction

    I have a super simple extension to just jack in a static header for an api authentication on a Backbone site. It doesn't work, and I don't know why. Anyone have any ideas? from burp import IBurpExtender from burp import ISessionHandlingAction from burp import IParameter class BurpExtender(IBurpExtender, ISessionHandlingAction): def registerExtenderCallbacks(self, callbacks):...

    3 Agent Answers    5 Community Answers
    May 20, 2015 02:41AM UTC
  • Design of Active Scanner plugin vs InsertionPoints

    Hi all, I'm new to extending Burp and I wanted to add an active scanner plugin for XXE injection. Therefore I want it to take all post requests, change the content type to text/html and perform some xml entity queries for existing files. Problems I face : 1. I want this plugin to send one request url that supports POST. ( no matter how many parameters ) I tried to check for INS_PA...

    1 Agent Answer    0 Community Answer
    May 15, 2015 10:52AM UTC
  • extender

    So this 'issue' has been happening to me for the last few versions of burp suite pro. right now I am running the latest .18 version. In the extender tab i have the option to automatically reload extensions on startup selected. when i start up burp suite pro later on the extensions will load but for some, (randomly) it will load multiple same extensions. (ie. it will sometimes load 3 sqli...

    2 Agent Answers    1 Community Answer
    May 12, 2015 06:40AM UTC
  • Is it possible to get the request that originated a response from a MessageEditorTab?

    Hi, Is it possible to get the request that originated a response from a MessageEditorTab? Im only adding the tab for the responses, I want to search a log file based on a request header and paste the log entry in the response message editor tab. I can see you can access the response (content) from there but not the request, is anyway to do this? My current approach is to add the reques...

    2 Agent Answers    1 Community Answer
    May 07, 2015 11:19AM UTC