Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Burp Extensions

Make a new post

  • Burp UI Development Using NetBeans

    Hey All, I am new to Burp Extender development (and Java programming in general). I have had some moderate success getting a handle on how to build Burp extensions, and using NetBeans to build GUIs. I am able to easily make a GUI to do what I want inside NetBeans, building my Java code from scratch. I am also able to work efficiently with Burp's APIs, as long as I don't mind using the...

    2 Agent Answers    1 Community Answer
    Dec 22, 2015 02:28AM UTC
  • start burp from perl script

    Hi, I try to start burp from a simple PERL script. Then do some tests after burp starts. my $cmd = "java -Xmx1g -Djava.awt.headless=true -jar \"c:\\BURP\\burpsuite_free_v1.6.30.jar \" 1> null 2>&1"; print "start burp with commnd: $cmd\n"; my $ret = `$cmd`; print "burp started: $ret\n"; #test(); exit 0; I can see burp started, but I...

    1 Agent Answer    0 Community Answer
    Dec 19, 2015 08:03PM UTC
  • How can i modify http requests with processHttpMessage

    Hello, Im using the following code to replace "ReplaceMe" string to "x" string in intruder request however response still didn't replace "ReplaceMe" string. public void processHttpMessage(String toolName, boolean messageIsRequest, IHttpRequestResponse messageInfo) { try { String lowerCaseToolName = toolName.toLowerCase(); if ("intruder".e...

    2 Agent Answers    4 Community Answers
    Dec 16, 2015 07:36AM UTC
  • how to start burp with specific extension loaded?

    Hi, I am doing burp automation test. I would like to know if there is a way to start burp with a specific extension loaded. I noticed that burp will start with the last configuration used. Is there a configuration file that we can specify which extension to load when burp starts? Thanks

    11 Agent Answers    11 Community Answers
    Dec 11, 2015 08:52PM UTC
  • Manual Install of Burp Extension

    Hi, I hope I didn't miss it anywhere on the website, but I couldn't find how to install a local Jython extension in Burp through the Manual Install-button in the BApp Store tab. The extension runs fine in Extender->Extensions, and then add it there. The reason I'd like to install it, is because the paths that I need for specifying are different ones for different extensions. A...

    1 Agent Answer    0 Community Answer
    Dec 11, 2015 11:25AM UTC
  • NotImplementedError with latest Jython release

    The following change for the latest Jython release might break some UI-centric extensions: "Abstract methods of an inherited class or interface from Java now raise NotImplementedError, instead of returning None (in Java, null) or some "zero", if they are not implemented in the extending Python class." source: As described, if your Burp e...

    0 Community Answer
    Dec 10, 2015 07:37PM UTC
  • IRequestInfo getHeaders

    Why does the getHeaders method return a list<String> instead of a HashMap<String,String>. I think that everyone using getHeaders is now doing extra parsing on the list of strings since the normal usage would be something like this: headers = info.getHeaders(); String content-length = headers.get("content-length"): The List<String> is really unpractical and I am c...

    3 Agent Answers    4 Community Answers
    Dec 03, 2015 03:08PM UTC
  • IExtensionHelpers.makeHttpRequest() with cookies

    It appears that IExtensionHelpers.makeHttpRequest(URL) does not include session cookies in the resulting request. How can I construct a GET request that includes the session cookies? Is there a helper method to get all the appropriate cookies for a particular domain/path?

    2 Agent Answers    2 Community Answers
    Nov 20, 2015 09:44AM UTC
  • Scanner vs processHttpMessage (python)

    Dear All, I have the following processHttpMessage() function to modify the scanner requests and check SQLi: def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo): # only process requests if messageIsRequest and toolFlag == callbacks.TOOL_SCANNER: if self._helpers.analyzeRequest(messageInfo.getRequest()).getMethod() == 'GET': method = IPara...

    1 Community Answer
    Nov 17, 2015 08:54AM UTC
  • Jython Error for Burp Extension

    Hey, I am trying to configure the jython api for Burp Suite and I am getting the following error. Does anyone know what I can do to fix this? root@osboxes:~/jython-burp-api# java -jar jython.jar -Dpython.path=Lib/ -B burp.jar -i -d -v 2015-11-13 00:13:24,298 - BurpExtender - ERROR - Could not load console tab Traceback (most recent call last): File "/root/jython-burp-api/Lib/bu...

    1 Agent Answer    0 Community Answer
    Nov 13, 2015 05:40AM UTC