Burp Extensions

  • IExtensionHelpers.urlDecode() not handling UTF-8

    I have an input string which contains an ENDASH encoded using UTF-8 as: %E2%80%93 When I decode that in my extension with IExtensionHelpers.urlDecode(String input) I get: – However, the Java URLDecoder.decode(String input, "UTF-8") produces the proper ENDASH: – What encoding is assumed internally by IExtensionHelpers.urlDecode()? Could the API be modified to allow ...

    4 Agent Answers    3 Community Answers
    Nov 30, 2017 12:34AM UTC
  • Burp Store and burp app validation

    Hi, Regarding the Burp store, do you do any checks regarding the content of the Burp extensions? How can we guarantee that they are 100% safe and no traffic will be sent to a 3rd party? Appreciate your response. Thank you.

    1 Agent Answer    1 Community Answer
    Nov 28, 2017 09:41AM UTC
  • Collaborator: What are the exploitability differences between DNS lookups from different headers?

    Looking at the scan logs from Collaborator, I'm seeing medium severity for DNS lookups when the URL is supplied in either X-Forwarded-For or X-Wap-Profile, but red when it's caused by the Host header. I'm trying to understand why they are of different severity. In both instances, the server is performing a DNS request. Is it because the Host header isn't meant to be changed, so...

    1 Agent Answer    0 Community Answer
    Nov 25, 2017 12:11AM UTC
  • Need an extension to do advanced substitution

    We are using a commercial web app testing product to test a customer's massive application and we need to work around a problem in the webapp testing product. Turning the test, the product does a GET and the customer's server returns a page with these fragments: ----------------- <form name='win1' method='post' action="https://webaddress/url1"> &...

    1 Agent Answer    0 Community Answer
    Nov 15, 2017 06:12PM UTC
  • IBurpExtenderCallbacks.makeHttpRequest() throws RuntimeException

    If the network connection fails, callbacks.makeHttpRequest throws a RuntimeException. Any way we could get that method to declare that it throws a proper subclass of (presumably) IOException so we could check for and handle it in code?

    2 Agent Answers    1 Community Answer
    Nov 08, 2017 12:02AM UTC
  • How to retrieve only body of response

    Hello team, I am making HTTP requests to a site; how do I get only the body of the response? Here is the code: req = self._helpers.buildHttpMessage(headers, body) print self._helpers.bytesToString(req) resp = self.callbacks.makeHttpRequest("", 1330, True, req) print self._helpers.bytesToString(resp) I have tried to get the body by resp.getResponse() but it didn't wor...

    1 Agent Answer    0 Community Answer
    Oct 24, 2017 11:35AM UTC
  • Updating a parameter inline

    Hey, When updating a query parameter through the "IExtensionHelpers.updateParameter" method, the parameter is removed from the query parameters, then updated and appended to the end. Is this intended functionality and if so is there an easy way to update the parameter inline? Thanks, Justin

    1 Agent Answer    0 Community Answer
    Oct 20, 2017 06:31PM UTC
  • Extra Extensions

    Is there any extension that needs to be installed manually?

    1 Agent Answer    0 Community Answer
    Oct 15, 2017 04:15AM UTC
  • DNS requests

    I'm using the following Python to try to make DNS requests from my extension: import dns.resolver ... myResolver = dns.resolver.Resolver() try: myResolver.query(domain, "MX") except dns.exception.Timeout: self._printError("Timeout while requesting MX record") This works fine on the command line but times out every...

    1 Agent Answer    1 Community Answer
    Oct 06, 2017 09:44AM UTC
  • How to affect URLs that show up in Target/Site Map

    I am developing an extension to enhance the Target/Site Map filtering capabilities. Is there a way to intercept every Request coming into Burp to allow decision code that would determine if a URL will be displayed in the "Site Map" list on the Target tab? Thanks.

    3 Agent Answers    5 Community Answers
    Oct 05, 2017 08:36PM UTC