Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Burp Extensions

Make a new post

  • Scanner vs processHttpMessage (python)

    Dear All, I have the following processHttpMessage() function to modify the scanner requests and check SQLi: def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo): # only process requests if messageIsRequest and toolFlag == callbacks.TOOL_SCANNER: if self._helpers.analyzeRequest(messageInfo.getRequest()).getMethod() == 'GET': method = IPara...

    1 Community Answer
    Nov 17, 2015 08:54AM UTC
  • Jython Error for Burp Extension

    Hey, I am trying to configure the jython api for Burp Suite and I am getting the following error. Does anyone know what I can do to fix this? root@osboxes:~/jython-burp-api# java -jar jython.jar -Dpython.path=Lib/ run.py -B burp.jar -i -d -v 2015-11-13 00:13:24,298 - BurpExtender - ERROR - Could not load console tab Traceback (most recent call last): File "/root/jython-burp-api/Lib/bu...

    1 Agent Answer    0 Community Answer
    Nov 13, 2015 05:40AM UTC
  • getComment() not returning comment

    Hey, I've wanted to read the comment of a request/response object. I'm using Jython and Java8. It's an implementation of a passive scanner, and the way I wanted to access: self._requestResponse.getComment() If I print the result it is always a None value, despite having set a comment on that particular RR. Tried it with putting the comment on the RR in the Proxy tab as well...

    1 Agent Answer    2 Community Answers
    Nov 04, 2015 11:39AM UTC
  • Extender API broken link

    Hi, the extender page (https://portswigger.net/burp/extender/) has a link to a 2012 post titled "Writing your first Burp Suite extension" at http://blog.portswigger.net/2012/12/writing-your-first-burp-extension.html which has a link with the text "Download the Burp Extender interface files" but that points to https://portswigger.net/burp/extender/api/burp_extender_api.zip whic...

    1 Agent Answer    0 Community Answer
    Oct 20, 2015 08:03AM UTC
  • Intruder view original payload in the results

    Hello! How can i do to view original payload in the results table intruder, before Processing payload rules. I try to do this: [code="python"] def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo): if not messageIsRequest and self._callbacks.TOOL_INTRUDER == toolFlag: messageInfo.setComment("original payload") [/code] But comment ...

    2 Agent Answers    2 Community Answers
    Oct 02, 2015 01:22PM UTC
  • makeHttpRequest is very slow

    Hi all, I'm writing an extension that aims at sending many requests from multiple sessions of different users. Currently, I'm using callbacks.makeHttpRequest(...) to send requests but that method takes a very long time to finish. My server is local and pretty fast, so communication does't take that much of time. Is there any faster way to replace that method? I'm thinki...

    3 Agent Answers    3 Community Answers
    Sep 15, 2015 02:03PM UTC
  • JUnit test with Burp Extensions

    Hi, I'm developing a Burp Extension and want to add some testing. Is there a way to create IHttpRequestResponse objects manual? Or retrieve callbacks during a JUnit test, without starting Burp. I do not really know what to do. Thanks for your help!

    1 Agent Answer    0 Community Answer
    Sep 14, 2015 03:48PM UTC
  • IScannerCheck -- Consolidate Duplicate issues method

    My question is about the consolidateDuplicateIssues Method. Currently I am writing an extension that passively scans for certain strings in requests. The problem is that there are multiple requests for each site, and the same string in each of the requests. This results in a great deal of duplicate issues, which is the exact problem that the method to , well, consolidate issues is supposed to cor...

    2 Agent Answers    1 Community Answer
    Sep 14, 2015 03:14PM UTC
  • Highlight a tab

    Is it possible to highlight an extension tab? When you do "Send to repeater" the repeater tab is highlighted. I'm working on a reporting extension, and I've added "Send to report" to the context menu. I'd like it to highlight the report tab. Many thanks! Paul

    1 Agent Answer    1 Community Answer
    Sep 14, 2015 12:57PM UTC
  • How do I Set a Token in URL Directory.

    Hi, I want to set a token in URL Directory. And, I use macro. so I want to custmize Macro (on Intruder). Test Site has a Token in URL directory, don't have a url parameter. (Exp. http://xxxxxxxx/test/123456token/) How do I set a Token in URL Directory? I made extender using ISessionHandlingAction. But, I can not custmize macro & intruder...

    1 Agent Answer    0 Community Answer
    Sep 10, 2015 03:00AM UTC