Burp Extensions

Make a new post

  • Parsing AMF3 - Burp

    Hi, I have a Flex app that is sending data using AMF3. I can see the contents in the AMF decode just fine. The problem now is that one of my request parameters is a Byte array. I can edit it in Raw mode, but if the length is increased/decreased by even a single byte - it messes up my request. And I can't apparently edit the Byte array contents using the AMF3 decoder - I can edit other fields...

    1 Agent Answer    1 Community Answer
    Mar 05, 2015 03:55PM UTC
  • Jira integration in the Scanner tool

    I would love to see an integration with Jira bugtracking. This way the scanned vulnerabilities can be quickly documented and sent for mitigation. The creation of the issue would preferably include the description and mitigation from the scanner and the full request and response. A screenshot of the rendered webpage would also be a nice as an attachment. Andy

    5 Agent Answers    4 Community Answers
    Mar 04, 2015 02:36PM UTC
  • exitSuite

    Can someone provide some example code for stopping burp suite programmatically using exitSuite as a Burp extension?

    2 Agent Answers    1 Community Answer
    Feb 25, 2015 06:34PM UTC
  • Which Java?

    do i need to install Java SE Runtime (oracle.com/technetwork/java/javase/downloads/jre7-downloads-1880261.html) or Java for windows (java.com/en/download/windows_xpi.jsp?locale=en) to work with Extensions correctly? i see here that support suggested to use Java SE http://forum.portswigger.net/thread/1167/unable-load-extensions-bapp-store is there a difference between both and do i get any ...

    1 Community Answer
    Feb 14, 2015 08:31PM UTC
  • Browser repeater extansion failed to load

    Hi, I'm trying without luck to load "Browser repeater" extension. I'm doing this under 1.6.09 and 1.6.10 Burp Pro versions with jython-standalone-2.5.4-rc1.jar. I'm getting all the time the following error. Does anybody knows how that can be resolved? " org.openqa.selenium.WebDriverException: java.lang.NullPointerException Build info: version: 'u...

    1 Agent Answer    0 Community Answer
    Feb 10, 2015 01:37PM UTC
  • Extension which scans a predined list of urls

    Is there a current extension which will take a predefined list of URL's and scan them? I was writing my own extension and I was able to use sendToSpider(url) method to add my URL to the spider but I wanted to know if there a way where instead of sending this URL to the burp spider I can directly send it to the scanner i.e. tell burp to do a scan on this URL.

    1 Community Answer
    Feb 09, 2015 11:21PM UTC
  • Need more info on GUI controls, configuration storing and parameters' parsing for my Burp exten...

    Greetings. I'm trying to compose my first Burp extension, and stumbled upon some problems I haven't been able to resolve with google's help. I have to mention that I'm not so skillfull programmer, also, so I'm in search for simplest solution possible to complete the task (this extension is actually a meaningfull project, I need it asap to do my daily work). I use python a...

    2 Agent Answers    1 Community Answer
    Jan 25, 2015 11:10AM UTC
  • Directory guessing extension for the Scanner

    Is there any way to augment the scanner's capabilities to search through a list of directories that I specify? I know how to do this in intruder, but I want to be able to have this trigger automatically during a Burp Suite Scan. I looked at the 'insertion points' extension demo, but that just modifies a post parameter, whereas I want to modify the URL. Thanks in advance for...

    3 Agent Answers    4 Community Answers
    Jan 16, 2015 11:30PM UTC
  • Additional Scanner Checks Extension

    What is the context in which the Additional Scanner Checks extension decides whether or not a header needs the following properties. strict-transport-security x-content-type-options: no sniff X-XSS-protection Some sites I scan will come back with these findings and some will not. I have not noticed any distinguishable pattern of the sites that come back with these findings. (i.e) logon pag...

    1 Agent Answer    0 Community Answer
    Nov 28, 2014 12:05PM UTC
  • Extension bugs

    Hi, Any tips for identifying extensions failing to meet Burp's level of quality? Right now I have java consuming all available CPU and looks like it's not going to recover. Considering how much extra work a crashed burp and losing results costs time for a busy consultant, the unofficial extensions do not justify the costs.. Is it possible for Burp to prevent an extension from...

    1 Agent Answer    0 Community Answer
    Nov 28, 2014 11:57AM UTC