Burp Extensions

Make a new post

  • Failed to import .py extension: OSError: [Errno 0] chdir not supported in Java

    As the title says, I am facing this when trying to install Python extensions in Burp. Is it something related to jython environment variables? Thanks This is the complete traceback: Traceback (innermost last): File "<string>", line 1, in ? File "/Users/alex/jython2.2.1/jython.jar/Lib/javaos.py", line 121, in chdir OSError: [Errno 0] chdir not supported in...

    1 Agent Answer    0 Community Answer
    Sep 04, 2018 03:38PM UTC
  • burp.byc

    I was wondering if you have any idea what could lead to the following python stack trace when using the makeHttpRequest Burp extension API? Traceback (most recent call last): File "/root/.BurpSuite/bapps/b2244cbb6953442cb3c82fa0a0d908fa/UploadScanner.py", line 903, in doActiveScan self.do_checks(injector) File "/root/.BurpSuite/bapps/b2244cbb6953442cb3c82fa0a0d908fa/Up...

    4 Agent Answers    3 Community Answers
    Aug 29, 2018 09:42AM UTC
  • Is it possible to retrieve the path of the currently open project?

    I would like to retrieve the path of the currently open Burp Project to reference some resource on the filesystem relative to the project directory. I am unable to find a suitable API to do this in the documentation. Is it currently possible to do this? If not is it possible to add an API for it?

    2 Agent Answers    1 Community Answer
    Aug 14, 2018 02:31AM UTC
  • SSL Scanner

    Hi, I get this error while installing the burp extension for SSL scanner. Any help to resolve this? Jython version used is 2.7.0 Traceback (most recent call last): File "<Home>\AppData\Roaming\BurpSuite\bapps\474b3c575a1a4584aa44dfefc70f269d\burp-ssl-scanner.py", line 145, in registerExtenderCallbacks scanAccuracy = projectConfig['scanner']['active_sca...

    1 Agent Answer    0 Community Answer
    Aug 09, 2018 08:02PM UTC
  • Retire.js not working

    Hi, The retire.js extension in Burp Suite Pro is not working. I do not see any feedback during passive scanning in either the "Target>Issue" or "Scanner>Issue activity" tabs. The firefox Retire.js plugin does show issues so I know it should show something. I just downloaded Pro with this plugin as one of the reasons. I do run on the newest Kali which has JRE versio...

    4 Agent Answers    4 Community Answers
    Aug 07, 2018 01:33PM UTC
  • failed to coerce [Lburp.IHttpRequestResponse; to burp.IHttpRequestResponse

    Hi everyone. I writing burp extender code using Jruby. and... come in error :( Plz help me... [ Error ] failed to coerce [Lburp.IHttpRequestResponse; to burp.IHttpRequestResponse [ Code line ] def createMenuItems(invocation) .... requestResponse = invocation.getSelectedMessages .... Blahblah~~ @callbacks.saveBuffersToTempFiles(requestResponse) # I think, error in this line ...

    1 Community Answer
    Aug 01, 2018 06:24AM UTC
  • Burp Extension Loading hangs

    Hi I'm trying to load some Burp extensions (Java/Jython), but the load hangs without any error or log messages. I'm using the latest version of Burp Pro 1.7.35, the extensions I'm trying to load are: HUNT scanner HUNT methodology show insertion points burp_vulners_scanner-1.1 The interesting point is that the HUNT extensions work with an older version of Burp Pro (1.7.21), ...

    3 Agent Answers    1 Community Answer
    Jul 18, 2018 09:13AM UTC
  • Automatically Change Response

    Hi, I am currently developing a Burp plugin in python and do have a problem for which I don't have a solution. I basically want to automatically change the response but I do have a plugin in between that decodes my binary. What I have achieved until now is that I see my decoded message as a new tab in the proxy and target view. I can also manipulate the response by intercepting it first a...

    1 Agent Answer    1 Community Answer
    Jun 27, 2018 02:23PM UTC
  • Burp upstream proxy settings and setHttpService

    Hello, I was wondering if you can help me with a few questions. I'm trying to dynamically set the upstream proxy depending on the current request and modify incoming response based on a set of rules. In that regards, I've a few questions. 1. Based on this answer (https://support.portswigger.net/customer/portal/questions/17143574-project-configuration-changes-aren-t-picked-up-dur...

    3 Agent Answers    4 Community Answers
    Jun 22, 2018 01:22PM UTC
  • Detection of outdated components

    Dear all, How can I know if a specific component is outdated and will be detected or not by BurpSuite? In specific I had a complaint from a customer, we did not detect that primefaces 5.x is vulnerable (CVE-2017-1000486).In burp-log I can see primefaces 5.x was in an server response. Does Retire.js help here? Best regards and thanks in advance.

    1 Agent Answer    1 Community Answer
    Jun 20, 2018 06:15PM UTC