Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Burp Extensions

Make a new post

  • lack of "/" in InsertionPoint

    Hi, Burp Support Team I am trying to write an extension to improve activeScan. But I encountered a problem. When I sent to activeScan, my extension can receive insertionPoint of type 0x25(INS_URL_PATH_FILENAME) and it's value is "test". But When I sent to activeScan, my extension can not receive insertionPoint of type 0x25(INS_UR...

    1 Agent Answer    0 Community Answer
    Jun 28, 2016 05:22PM UTC
  • Custom issues in Burp-report

    Hi Team, I have created an extender. Now, I want to run my extender along with active scan. What are all the steps to be followed? Request your guidance/support for the above said query. Thanks in advance. Regards, Subash.T

    1 Agent Answer    0 Community Answer
    Jun 09, 2016 07:02AM UTC
  • Building a Burp Intruder extension that generates multiple payloads for a single request.

    I'm working on a Burp Intruder extension for pen-testing our own custom API. As part of the protocol, a HMAC is generated by the client and added to the header, along with another custom header parameter. The body contains a number of JSON fields, the values of which are also used in the HMAC. I need to generate the HMAC from the JSON body and the custom header parameter for each request,...

    1 Agent Answer    0 Community Answer
    May 11, 2016 06:44AM UTC
  • Burp Extender socks5

    I want to developer extender by jython, The Extender is port scan. I want all the traffic through socks5, How do i

    1 Agent Answer    0 Community Answer
    May 11, 2016 04:53AM UTC
  • Variable Persistence

    Is there a way to persist a variable between requests in an extension? For example I want to take a parameter from one response and then in a later request use this to calculate a different parameter? The value which needs to be sent in the later request is based on the first response, but I need to do some calculations on it first so I can't just save it using a macro and replay it later.

    1 Agent Answer    1 Community Answer
    May 09, 2016 09:27PM UTC
  • Burp Extension

    I am trying to create a burp extension which scans for particular text in the response. Now I want this text to be dynamically defined by the user. How do I do that ? As in consider search functionality as extension which monitors all your responses and search for the keywords you want it to search . Whats tha best approach here ?

    1 Agent Answer    0 Community Answer
    May 09, 2016 10:07AM UTC
  • Manual Scan Issues Extension exception with Burp 1.7

    java.lang.NullPointerException at burp.BurpExtender.createMenuItems( at burp.nbd.a(Unknown Source) at burp.bmc.a(Unknown Source) at burp.ofc.a(Unknown Source) at burp.ofc.a(Unknown Source) at burp.v7.a(Unknown Source) at burp.v7.mouseReleased(Unknown Source) at java.awt.AWTEventMulticaster.mouseReleased(Unknown Source) at java.awt.Component.processMouseEv...

    1 Agent Answer    0 Community Answer
    Apr 25, 2016 08:40PM UTC
  • Modify Response depending on request

    Hi I need to write a python extension to modify responses depending on what the actual request was. Responses coming from server may be the same for different requests (like 400 Forbidden). I am using the IProxyListener interface, but I see that it handles requests and responses separately, ie(message is request OR message is not request) How can I adjust my response based on the what the ...

    1 Agent Answer    0 Community Answer
    Apr 07, 2016 01:54PM UTC
  • extension - Burp-hash

    I've been using the Burp-hash extension but its starting to be unreliable. Is anyone else getting a lot of false Issues reported with the Burp-hash extension? I get the following often and its not even valid within itself. Issue detail The REQUEST contains a SHA-384 hashed value that matches an observed parameter. Observed hash: 933dc2a4011e4e919771d764300888ad70d70357000000004...

    1 Agent Answer    0 Community Answer
    Apr 06, 2016 10:46PM UTC
  • wsdler and Basic Authentication

    I am using WSDLER against a web service which uses basic authentication. Even with 'Platform Authentication' enabled (Options>Connections) and the correct host/type/username/password set, attempting to parse the WSDL results in a "Can't parse WSDL" error. If I download the verbose version of wsdler (see the stack ...

    1 Agent Answer    0 Community Answer
    Apr 05, 2016 07:00PM UTC