Burp Extensions

Make a new post

  • Burp Enterprise Edition/Pro Edition can be integrated with Microsoft Team Foundation Server 2017?

    Hi Burp Team, Currently we are evaluating the trial version of Burp Enterprise edition tool for security testing in our organization. The requirement is to integrate Burp Enterprise Edition/Pro Edition with Microsoft Team Foundation Server 2017 (TFS) for CI/CD implementation. Few queries around this area 1) Is it possible to implement CI/CD with TFS & Burp 2) If it's possible what a...

    1 Agent Answer    0 Community Answer
    Jan 03, 2019 10:34AM UTC
  • Highlighting in IMessageEditor

    Hello, I am trying to create an extension in which you can highlight single or multiple lines of text in the request or response tabs. I am having an issue when you add a “Graphic” to the IMessageEditor text area that it disappears when it is either selected or you highlight a new line of text. Highlight Method: /* * Graphics g: Takes components graphics object. * IMessageEditor req: Requ...

    1 Agent Answer    0 Community Answer
    Jan 02, 2019 04:33PM UTC
  • WebSocket API

    I'm dealing more and more with websockets: is there _any_ way to modify requests on the fly? I'm not afraid of writing a custom extension or fiddle with scripting my own tools. FWIW, if you provide some guidance, I could create a free extension and publish it.

    3 Agent Answers    4 Community Answers
    Dec 20, 2018 09:05AM UTC
  • Get local path of burp file via API

    I'm looking to be able to save information to the same directory as my Burp project file through a Burp Extension. I organize my project files in folders with respect to the applications I'm testing. There is the getCommandLineArguments method from callbacks, however I don't run Burp through the command line. I'd be fine doing this, but I'm not sure if I can load a...

    2 Agent Answers    2 Community Answers
    Dec 10, 2018 03:41PM UTC
  • Custom payload processor / generator

    My intruder scenario is brute forcing uids that are calculated based date. Current intruder has date payload, that is superb for the job. Now i would like to process these dates with my custom extension that formes uid from date. However there is one to many relationship here - one date generates up to 999 different uids. How can i return multiple processed payloads from my extension processPay...

    1 Agent Answer    0 Community Answer
    Nov 21, 2018 04:48PM UTC
  • Issues with burp scanner

    For one of my scan, I noticed that the scan threads request/response doesn't look like a actual captured request/response which were captured while crawling the application, Cookie part was removed from the requests for most of the scan threads during scan and got 302 Found, 404 not found, 401 Unauthorized and for some 200 ok. How to resolve this issue?

    1 Agent Answer    0 Community Answer
    Nov 02, 2018 01:31PM UTC
  • Saving HttpRequestResponse to file

    I noticed that there's a method called saveBuffersToTempFiles() that says that it allows saving of HttpRequestResponse objects to a file. Is there anymore information on how to use this? I haven't been able to successfully use it. Is there an alternative way to save the state of extensions using this method or a less hacky way without using addToSiteMap()? https://portswigger.net/burp...

    2 Agent Answers    2 Community Answers
    Oct 30, 2018 09:03PM UTC
  • Burp API Javadoc not accessible

    I noticed that the javadoc for the Burp API is no longer accessible. Was this on purpose for the 2.0 beta? https://portswigger.net/burp/extender/api/

    1 Agent Answer    0 Community Answer
    Oct 13, 2018 09:18PM UTC
  • Burp Extension + UpStream Proxy SLOWWWW

    Hi all, I created a burp extension that decrypts AES traffic. The infrastructure I am testing is in such way that all requests' payloads are being encrypted with AES. In order to work around this, I am sending the request to another Burp Instance to do the analysis and then finally send it to the server. The problem I am facing is that when I make a request, it takes around 3 minutes...

    1 Agent Answer    1 Community Answer
    Oct 10, 2018 03:09PM UTC
  • Accessing rendered HTML

    Hi, Is it possible to analyze the contents of a response once it has been rendered? i.e - The magic behind the render tab Thanks

    2 Agent Answers    2 Community Answers
    Oct 05, 2018 02:59AM UTC