Burp Extensions

Make a new post

  • Burp 2.0 extension-only audit

    I have a local page that I use to test for LFI attacks, when I used to run active scan against this page in Burp 1.7.37, I get the attack detected by different extensions, e.g. J2EEScan. I tried to scan the same page in Burp 2.20beta with the extension-only audit. However, I got no results and by checking the logs I don't see any of the extension packets, only maybe Active Scan++ but no J2E...

    4 Agent Answers    3 Community Answers
    May 19, 2019 07:56PM UTC
  • Issue in loading jython files to burp

    hello, I am seeing errors when I try to load burp extensions jython format, below is the error I see: java.lang.Exception: Failed to load Python interpreter from Jython JAR file at burp.cs3.<init>(Unknown Source) at burp.fii.a(Unknown Source) at burp.grb.lambda$panelLoaded$0(Unknown Source) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) a...

    1 Agent Answer    0 Community Answer
    May 11, 2019 08:46PM UTC
  • how to pass a file with URLS to SSLScanner

    Hi fellow Burp suite users, I am using the SSL Scanner extension with Burp Suite and I wander if anyone has a script that can read a list of URLs from a file and then pass one item at a time to the SSL Scanner, run the scan, save the report to file, and repeat for the next item in the list. I am a new user of BurpSuite so any help and guidance will be much appreciated. Regards Dimitris

    1 Agent Answer    0 Community Answer
    May 08, 2019 03:11PM UTC
  • What class/parameter makes the extensions be part of the scanner "Follow redirection when neces...

    Hi guys, I have an extension here and I am looking for a reflective value, although when I look at flow or logger++ the 302 is hit but never followed after the POST. Is there a special trick to have the extension follow the redirects when using IScannerCheck & doActiveScan? Thank you very much!

    2 Agent Answers    3 Community Answers
    Mar 14, 2019 07:26PM UTC
  • OpenAPI Parser

    I am not able to get the OpenAPI Parser to work. I keep getting an error message saying that "The OpenAPI specification contained in <file name> is ill formed and cannot be parsed". However, the very same file can be imported without any issue in tools like Postman. Any similar experience or suggestions? Thanks.

    2 Agent Answers    3 Community Answers
    Mar 13, 2019 03:08AM UTC
  • Auditing not calling doActiveScan(...) method via Extensibility API

    Hi folks, I am currently trying to learn the Burp Extensibility API using this example (in Java); https://github.com/PortSwigger/example-scanner-checks and getting stuck with something. With latest Beta version of Burp v2b18, is there a way to automatically spider+audit the server.js, that will display the vulnerability "Pipe Injection"? When I perform an audit I see that doPa...

    4 Agent Answers    4 Community Answers
    Mar 11, 2019 04:38PM UTC
  • Burp suite render

    Burp render

    1 Agent Answer    0 Community Answer
    Feb 23, 2019 06:37AM UTC
  • Burp 2.x: Create authenticated crawl from extension

    Hi Portswigger Support! I'm interested in using an extension (in headless mode) to spawn an authenticated crawl while using the 2.x versions of Burp Suite Professional. In the 1.x versions, I would have done this by saving credentials to the project options, loading the options on startup, and then calling sendToSpider() [https://portswigger.net/burp/extender/api/burp/IBurpExtenderCallb...

    1 Agent Answer    0 Community Answer
    Feb 22, 2019 10:46PM UTC
  • SAML Raider "failureInInitialization" with BurpSuite 2.0.16 beta

    Normally, the SAML Raider extension will populate a SAML Raider tab when you select a SAML request in the HTTP History. Now, instead of populating the tab, it simply says "failureInInitialization". Awesome. I'd attach a screenshot, but I don't see a way to do that. Not sure if this is related to upgrading to the most recent beta version (I suspect it is - it worked fine b...

    1 Agent Answer    0 Community Answer
    Feb 19, 2019 03:17PM UTC
  • Extender Not Displaying Plugins / Can't Refresh

    I am behind a corporate proxy environment using Ubuntu. Using the corporate proxy settings I am able to use Firefox to view websites as expected so Burpsuite should be able to display the BApp Store list under the Extender tab. The list is empty and the Refresh button is grayed out. What do you recommend? Thanks

    1 Agent Answer    0 Community Answer
    Feb 08, 2019 10:24PM UTC