Burp Extensions

Make a new post

  • Automatically Change Response

    Hi, I am currently developing a Burp plugin in python and do have a problem for which I don't have a solution. I basically want to automatically change the response but I do have a plugin in between that decodes my binary. What I have achieved until now is that I see my decoded message as a new tab in the proxy and target view. I can also manipulate the response by intercepting it first a...

    1 Agent Answer    1 Community Answer
    Jun 27, 2018 02:23PM UTC
  • Burp upstream proxy settings and setHttpService

    Hello, I was wondering if you can help me with a few questions. I'm trying to dynamically set the upstream proxy depending on the current request and modify incoming response based on a set of rules. In that regards, I've a few questions. 1. Based on this answer (https://support.portswigger.net/customer/portal/questions/17143574-project-configuration-changes-aren-t-picked-up-dur...

    3 Agent Answers    4 Community Answers
    Jun 22, 2018 01:22PM UTC
  • Detection of outdated components

    Dear all, How can I know if a specific component is outdated and will be detected or not by BurpSuite? In specific I had a complaint from a customer, we did not detect that primefaces 5.x is vulnerable (CVE-2017-1000486).In burp-log I can see primefaces 5.x was in an server response. Does Retire.js help here? Best regards and thanks in advance.

    1 Agent Answer    1 Community Answer
    Jun 20, 2018 06:15PM UTC
  • Problem with burp extension to automate security checks of single sign-on

    Hello, I'm currently trying to develop (jython) extension to automate some work with single sign-on protocols (like oauth, saml etc.). The main idea how it would work is: - Check requests if it's an sso request - Determine which one it is - Perform some passive checks - Perform active checks which would lead to start a new chain of authorization with protocol and perform some atta...

    1 Agent Answer    0 Community Answer
    Jun 13, 2018 01:00PM UTC
  • Extensions class loading

    Hello, I was wondering if Burp supports class loading from extensions. What I am looking for is if an extension can be made available as an API and that API's classes be used from other extensions. Does Burp's API support this or can it be done using Java's ClassLoader? Does Burp use separate class loaders that isolate each extension? Any help is appreciated. Thanks, V...

    1 Agent Answer    0 Community Answer
    Jun 11, 2018 03:28AM UTC
  • Counting the requests from extensions

    Hi, I want to ask - when I use some extenders (e.g. Scan Check Builder), when I remove all the Active scan rules, apart from those coming from extensions, and I only have a single extension running. In the session tracer I can see quite a big traffic, however in the Scanner - Scan queue I only see 2 requests being use. I suppose this is done by active scan natively. My question is - is it possibl...

    2 Agent Answers    0 Community Answer
    Jun 07, 2018 12:00PM UTC
  • How to scan all urls of a webpage from command line.

    Hi Team, I have used carbonate to san url from the command line where i can pass one url at a time and it scans the url and gives me the HTML report. Can i scan all the urls of a webpage from command line at a time. Please help. Thanks and Regards, Anjani.

    3 Agent Answers    2 Community Answers
    May 31, 2018 09:53AM UTC
  • Odd inconstancy in extension behaviour

    Hello, I wrote an extension that fails for one of my user throwing an exception: --- Traceback (most recent call last): File "E:\BurpSuite Settings and Extensions\Extenders\OurExtensions\Radar\main.py", line 220, in registerExtenderCallbacks self.includeUI = BtnList("includes", self._callbacks, self) File "E:\BurpSuite Settings and Extensions\Extenders\OurE...

    1 Agent Answer    1 Community Answer
    May 30, 2018 09:30AM UTC
  • Attack selector always queues custom attacks

    Hello there, I'm trying to figure out how to use the Attack selector extension. After creating a custom attack. I select from the context menu somewhere in Repeater/Proxy/...etc and it goes with status "queued" but does nothing after that. I have read the note that says I shouldn't use the normal scanner or mess with the configuration .. etc; so I started a clean insta...

    2 Agent Answers    1 Community Answer
    May 23, 2018 11:21AM UTC
  • Can't modify scanner issues context menu

    When I try to add a context menu entry to the scanner issues context menu, nothing shows up, it also does not return a InvocationContext when I right click on the scanner issues.

    2 Agent Answers    2 Community Answers
    May 15, 2018 07:40AM UTC