Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Burp Extensions

Make a new post

  • Problem with IScanIssue getHttpMessages()

    I have users reporting issues with an extension that was working fine in 1.6x but is having a problem in 1.7.04 (I did not try with any earlier 1.7x release). The root cause is that the IScanIssue getHttpMessages() method appears to always return an empty array. Is this a known issue? I have a simple extension that can reproduce the problem if you would like to see how I am using the IScanIssue in...

    2 Agent Answers    2 Community Answers
    Aug 06, 2016 12:33AM UTC
  • SQLPy Extension

    Hi I cannot find the START SCAN button on the new version of SQLPy extension. Please help.

    2 Agent Answers    1 Community Answer
    Jul 29, 2016 03:00PM UTC
  • Modifying message before intercepting

    Hi, I'm writing an extension which uses processProxyMessage() to modify the targets and bodies of various requests in various ways. For certain requests, I use message.setInterceptAction(ACTION_DO_INTERCEPT) to have the request intercepted by Burp's proxy gui. My issue is that when the request appears in Burp's proxy gui, it is being sent to the original target, rather than my...

    2 Agent Answers    0 Community Answer
    Jul 25, 2016 06:23PM UTC
  • processmessage called multiple times

    Hi, I'm working on an extension that uses the IProxyListener's processProxyMessage, and I've noticed that processProxyMessage is seemingly called 3 times for each request (not response, specifically request). Is there a reason for this? Thank you

    1 Agent Answer    0 Community Answer
    Jul 19, 2016 05:40PM UTC
  • Swagger Parser and Wsdler improvement

    Hi Portswigger, I don't know if you already got a similar request. I would love to see a Burp Extension similar to Wsdler but for Swagger files (REST API testing) released. This would avoid having to chain Burp (and therefore make life easier for us pentester) to SOAP-UI in order to extract/parse and visualise the different methods call which can be sent to an API. Moreover, right now, w...

    1 Agent Answer    4 Community Answers
    Jul 14, 2016 02:26PM UTC
  • Remove URL from Scope

    Hi, Is there any way to remove a URL from the list of target scopes? (Not excluding a url, just removing it from the include list) Thank you

    2 Agent Answers    1 Community Answer
    Jul 08, 2016 05:57PM UTC
  • How to send a request with different cookie value

    Hi, I'm a noob and I would like to create an extension that after selecting a previous request allows to send automatically a new request with a different value for a certain cookie. Is this possible? If yes which API's libraries should I use? Is there an example that I could use as a starting point? Thanks

    0 Community Answer
    Jul 03, 2016 11:31AM UTC
  • Issue and question when implementing a ScannerInsertionPointProvider

    Hi, Earlier this week I implemented a ScannerInsertionPointProvider to allow the active scanner to scan the custom type of multi-value parameters used by an application I was testing. Basically some parameters contained multiple values separated by one of a few separator characters (usually a special character like ~, _, ! etc.) where each value was then handled separately by the application. T...

    1 Agent Answer    1 Community Answer
    Jul 02, 2016 03:51PM UTC
  • lack of "/" in InsertionPoint

    Hi, Burp Support Team I am trying to write an extension to improve activeScan. But I encountered a problem. When I sent to activeScan, my extension can receive insertionPoint of type 0x25(INS_URL_PATH_FILENAME) and it's value is "test". But When I sent to activeScan, my extension can not receive insertionPoint of type 0x25(INS_UR...

    1 Agent Answer    0 Community Answer
    Jun 28, 2016 05:22PM UTC
  • Custom issues in Burp-report

    Hi Team, I have created an extender. Now, I want to run my extender along with active scan. What are all the steps to be followed? Request your guidance/support for the above said query. Thanks in advance. Regards, Subash.T

    1 Agent Answer    0 Community Answer
    Jun 09, 2016 07:02AM UTC