Burp Extensions

Make a new post

  • Handle IInterceptedProxyMessage BEFORE it's sent to the server?

    This is my first attempt at writing an extension. I would like to intercept certain requests, inspect them, and handle SOME of them BEFORE they are sent to the remote server. In other words, for certain requests, I would like to handle the response entirely in my own code, and have my browser think that the response came from the remote server. I have modified some of the Python example extensi...

    1 Agent Answer    2 Community Answers
    Jan 22, 2019 11:46PM UTC
  • Scope manipulation API

    Methods IBurpExtenderCallbacks.{includeIn,excludeFrom}Scope make it possible to add/remove a specific URL to/from the scope. Is there a way to use these or any other API call to perform actions like those available on the GUI, such as specifying regular expressions for the path, ignoring the protocol and/or port, etc.?

    1 Agent Answer    1 Community Answer
    Jan 22, 2019 08:45AM UTC
  • Access command line through Burp extension

    As per the subject, I was wondering if it is possible to access the command line (either windows or linux) through a Burp extension.

    1 Agent Answer    0 Community Answer
    Jan 08, 2019 09:02PM UTC
  • คุณได้ชำระเงินจำนวน $399.00 USD ให้ PortSwigger Ltd (mail@portswigger.net)

    08 ม.ค. 2019 01:09:36 GMT+07:00 ID การทำรายการ: 9FC40466TM976523J สวัสดีค่ะ คุณ ayut intasut คุณได้ชำระเงินจำนวน $399.00 USD ให้ PortSwigger Ltd (mail@portswigger.net) คุณอาจต้องรอสักครู่เพื่อให้การทำรายการนี้ปรากฏขึ้นในบัญชีของคุณ ผู้ค้า PortSwigger Ltd mail@portswigger.net คำแนะนำถึงผู้ค้า คุณไม่ได้ป้อนคำแนะนำใดๆ รายละเอียด: ราคาต่อหน่วย ปริมาณ จำนวนเงิน Burp S...

    1 Agent Answer    0 Community Answer
    Jan 08, 2019 06:29AM UTC
  • Burp Enterprise Edition/Pro Edition can be integrated with Microsoft Team Foundation Server 2017?

    Hi Burp Team, Currently we are evaluating the trial version of Burp Enterprise edition tool for security testing in our organization. The requirement is to integrate Burp Enterprise Edition/Pro Edition with Microsoft Team Foundation Server 2017 (TFS) for CI/CD implementation. Few queries around this area 1) Is it possible to implement CI/CD with TFS & Burp 2) If it's possible what a...

    3 Agent Answers    2 Community Answers
    Jan 03, 2019 10:34AM UTC
  • Highlighting in IMessageEditor

    Hello, I am trying to create an extension in which you can highlight single or multiple lines of text in the request or response tabs. I am having an issue when you add a “Graphic” to the IMessageEditor text area that it disappears when it is either selected or you highlight a new line of text. Highlight Method: /* * Graphics g: Takes components graphics object. * IMessageEditor req: Requ...

    1 Agent Answer    0 Community Answer
    Jan 02, 2019 04:33PM UTC
  • WebSocket API

    I'm dealing more and more with websockets: is there _any_ way to modify requests on the fly? I'm not afraid of writing a custom extension or fiddle with scripting my own tools. FWIW, if you provide some guidance, I could create a free extension and publish it.

    4 Agent Answers    6 Community Answers
    Dec 20, 2018 09:05AM UTC
  • Get local path of burp file via API

    I'm looking to be able to save information to the same directory as my Burp project file through a Burp Extension. I organize my project files in folders with respect to the applications I'm testing. There is the getCommandLineArguments method from callbacks, however I don't run Burp through the command line. I'd be fine doing this, but I'm not sure if I can load a...

    2 Agent Answers    2 Community Answers
    Dec 10, 2018 03:41PM UTC
  • Custom payload processor / generator

    My intruder scenario is brute forcing uids that are calculated based date. Current intruder has date payload, that is superb for the job. Now i would like to process these dates with my custom extension that formes uid from date. However there is one to many relationship here - one date generates up to 999 different uids. How can i return multiple processed payloads from my extension processPay...

    1 Agent Answer    0 Community Answer
    Nov 21, 2018 04:48PM UTC
  • Issues with burp scanner

    For one of my scan, I noticed that the scan threads request/response doesn't look like a actual captured request/response which were captured while crawling the application, Cookie part was removed from the requests for most of the scan threads during scan and got 302 Found, 404 not found, 401 Unauthorized and for some 200 ok. How to resolve this issue?

    1 Agent Answer    0 Community Answer
    Nov 02, 2018 01:31PM UTC