Burp Extensions

  • buildParameter not working

    I built the HttpRequest using the buildHttpMessage method and am trying to add Cookie and Body param using LegacyBurpExtender.getInstance().getHelpers().buildParameter and addParameter and updateParameter methods and it is not working. Below is the code snippet, buildRequest = helpers.buildHttpMessage(headers,bodyObject.toString().getBytes()); IParameter testParam = helpers.buildParameter("test&qu...

    3 Agent Answers    1 Community Answer
    Aug 08, 2019 08:46PM UTC
  • Carbonator scans not accurate

    I just downloaded the Carbonator extender through BApp and have used the command ./burpscan.sh http 127.0.0.1 80 /DVWA/vulnerabilities/ This launched the Burp UI and I checked that the scan does not detect SQL Injection, XSS or any other vulnerabilities. But when I use the manual way of proxy and sending it to active scanner it was able to detect those vulnerabilities. Is there any way in fixing this is...

    1 Agent Answer    1 Community Answer
    Aug 02, 2019 04:34AM UTC
  • Persist IBurpCollaboratorClientContext

    Hi, is there a way to persist an IBurpCollaboratorClientContext object? When I reload my extension and get IBurpCollaboratorClientContext with the callbacks.createBurpCollaboratorClientContext method it still fetches interactions made with payloads generated before the extension reload. But when I exit Burp and run it again, interactions from previous payloads are not fetched. Is it possible to get them ...

    3 Agent Answers    3 Community Answers
    Jul 25, 2019 03:41PM UTC
  • Testing environment

    Hi, I'm developing an extension and by this time got annoyed with the development process where I need to restart the extension to see the changes applied. Is there any way I could set up a testing environment where I could import Burp classes/interfaces and test on them? Of particular interest are methods of IExtensionHelpers with analyze methods and different methods that modify request/response? I...

    1 Agent Answer    0 Community Answer
    Jul 20, 2019 03:26PM UTC
  • Python extension import package error

    Hello, I've run into an application that AES encrypts the body of HTTP requests and responses, I am writing an extension to decrypt and encrypt the payloads. I am writing the extension in Python and I receive an error when importing pycryptodome's AES module. I have moved AES.py into /usr/local/lib/python2.7/site-packages/ as the Crypto.Cipher.AES module is not recognized otherwis...

    2 Agent Answers    0 Community Answer
    Jul 11, 2019 09:48PM UTC
  • Request interception

    Hi there, I'm aware that if you register an IHttpListener you are able to intercept requests before they are sent out. Is it also possible to intercept a request prior to assigning it a tool, for example, the scanner? The purpose is to exclude certain parameters from the initial request, send the result of that to the scanner and as soon as the scanner is done; the initial parameters are ad...

    1 Agent Answer    1 Community Answer
    Jul 05, 2019 01:11PM UTC
  • IMessageEditorTab check Tool

    I'm trying to create a simple Jython extension to run a regex against the HTTP response and extract key fields into a new IMessageEditorTab. Is there any way in IMessageEditorTab.isEnabled or IMessageEditorTabFactory.createNewInstance to check which Tool you're in? I only want the tab created in Repeater (and ideally with a different regex per tab). On a big project it's killing burp...

    3 Agent Answers    2 Community Answers
    Jul 02, 2019 11:46AM UTC
  • Session dies while scanning

    Guys, I have this very general problem. I did a search across the google, but did not find a proper solution. This is what I have done: I have created a session validation under Projects->Sessions. Under that, I have a macro, which checks if the session is invalidated, if yes, it would re-execute the requests, which will create a new session. So far good. Now, when I do a scan from t...

    1 Agent Answer    0 Community Answer
    Jun 27, 2019 12:34PM UTC
  • System.exit() kills Burp

    I'm building an extension that will call a Java command line program from within Burp (by calling the main() method). Unfortunately, when the command line tool finishes, it calls System.exit(0); which doesn't just kill the CLI, it also kills Burp entirely. Is there a way to prevent this in Burp? As a side question, when extensions are submitted to the BApp Store do you check for thin...

    1 Agent Answer    0 Community Answer
    Jun 25, 2019 09:38PM UTC
  • Unable to edit the content headers

    What is wrong in the below code? I do not see the request getting edited as I don't find the 'Edited Request' tab at all: package burp; import java.io.PrintWriter; import java.util.List; public class BurpExtender implements IBurpExtender, IHttpListener, IProxyListener { // // implement IBurpExtender // private IExtensionHelpers helpers; PrintWri...

    1 Agent Answer    1 Community Answer
    Jun 25, 2019 01:14PM UTC