Burp Extensions

Make a new post

  • What class/parameter makes the extensions be part of the scanner "Follow redirection when neces...

    Hi guys, I have an extension here and I am looking for a reflective value, although when I look at flow or logger++ the 302 is hit but never followed after the POST. Is there a special trick to have the extension follow the redirects when using IScannerCheck & doActiveScan? Thank you very much!

    2 Agent Answers    3 Community Answers
    Mar 14, 2019 07:26PM UTC
  • OpenAPI Parser

    I am not able to get the OpenAPI Parser to work. I keep getting an error message saying that "The OpenAPI specification contained in <file name> is ill formed and cannot be parsed". However, the very same file can be imported without any issue in tools like Postman. Any similar experience or suggestions? Thanks.

    2 Agent Answers    4 Community Answers
    Mar 13, 2019 03:08AM UTC
  • Auditing not calling doActiveScan(...) method via Extensibility API

    Hi folks, I am currently trying to learn the Burp Extensibility API using this example (in Java); https://github.com/PortSwigger/example-scanner-checks and getting stuck with something. With latest Beta version of Burp v2b18, is there a way to automatically spider+audit the server.js, that will display the vulnerability "Pipe Injection"? When I perform an audit I see that doPa...

    4 Agent Answers    4 Community Answers
    Mar 11, 2019 04:38PM UTC
  • Burp suite render

    Burp render

    1 Agent Answer    0 Community Answer
    Feb 23, 2019 06:37AM UTC
  • Burp 2.x: Create authenticated crawl from extension

    Hi Portswigger Support! I'm interested in using an extension (in headless mode) to spawn an authenticated crawl while using the 2.x versions of Burp Suite Professional. In the 1.x versions, I would have done this by saving credentials to the project options, loading the options on startup, and then calling sendToSpider() [https://portswigger.net/burp/extender/api/burp/IBurpExtenderCallb...

    1 Agent Answer    0 Community Answer
    Feb 22, 2019 10:46PM UTC
  • SAML Raider "failureInInitialization" with BurpSuite 2.0.16 beta

    Normally, the SAML Raider extension will populate a SAML Raider tab when you select a SAML request in the HTTP History. Now, instead of populating the tab, it simply says "failureInInitialization". Awesome. I'd attach a screenshot, but I don't see a way to do that. Not sure if this is related to upgrading to the most recent beta version (I suspect it is - it worked fine b...

    1 Agent Answer    0 Community Answer
    Feb 19, 2019 03:17PM UTC
  • Extender Not Displaying Plugins / Can't Refresh

    I am behind a corporate proxy environment using Ubuntu. Using the corporate proxy settings I am able to use Firefox to view websites as expected so Burpsuite should be able to display the BApp Store list under the Extender tab. The list is empty and the Refresh button is grayed out. What do you recommend? Thanks

    1 Agent Answer    0 Community Answer
    Feb 08, 2019 10:24PM UTC
  • when I install a python extender(burpsmartbuster), it points out that "failed to load bapp"...

    I have already install jython.jar file(2.7,the file has been selected in options) and python(but i have two versions of python and both of them is system variables) the error messages is here: java.lang.IllegalArgumentException: Cannot create PyString with non-byte value at org.python.core.PyString.<init>(PyString.java:64) at org.python.core.PyString.<init>(PyString.java:70) at...

    6 Agent Answers    6 Community Answers
    Jan 28, 2019 04:38AM UTC
  • Burp scanner insertion point custom encoding

    I'm trying to create an extension for scanner to specify multiple insertion points and also do some custom encoding on the payload from scanner. I'm attempting to use the following example along with the documentation to achieve this: https://github.com/PortSwigger/example-custom-scan-insertion-points/blob/master/java/BurpExtender.java I don't exactly want to change the positi...

    3 Agent Answers    2 Community Answers
    Jan 25, 2019 10:32PM UTC
  • SQLiPy fails to load after upgrade to v2.0.14beta

    After upgrading to BurpSuite v2.0.13beta the SQLiPY extension fails to load with the following error: ImportError: signal module requires sun.misc.Signal, which is not available on this platform After rolling back to v2.0.13beta SQLiPY extension is able to be loaded again.

    1 Agent Answer    4 Community Answers
    Jan 24, 2019 01:39AM UTC