Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Burp Extensions

Make a new post

  • NotImplementedError with latest Jython release

    The following change for the latest Jython release might break some UI-centric extensions: "Abstract methods of an inherited class or interface from Java now raise NotImplementedError, instead of returning None (in Java, null) or some "zero", if they are not implemented in the extending Python class." source: http://www.jython.org/latest.html As described, if your Burp e...

    0 Community Answer
    Dec 10, 2015 07:37PM UTC
  • IRequestInfo getHeaders

    Why does the getHeaders method return a list<String> instead of a HashMap<String,String>. I think that everyone using getHeaders is now doing extra parsing on the list of strings since the normal usage would be something like this: headers = info.getHeaders(); String content-length = headers.get("content-length"): The List<String> is really unpractical and I am c...

    3 Agent Answers    4 Community Answers
    Dec 03, 2015 03:08PM UTC
  • IExtensionHelpers.makeHttpRequest() with cookies

    It appears that IExtensionHelpers.makeHttpRequest(URL) does not include session cookies in the resulting request. How can I construct a GET request that includes the session cookies? Is there a helper method to get all the appropriate cookies for a particular domain/path?

    2 Agent Answers    2 Community Answers
    Nov 20, 2015 09:44AM UTC
  • Scanner vs processHttpMessage (python)

    Dear All, I have the following processHttpMessage() function to modify the scanner requests and check SQLi: def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo): # only process requests if messageIsRequest and toolFlag == callbacks.TOOL_SCANNER: if self._helpers.analyzeRequest(messageInfo.getRequest()).getMethod() == 'GET': method = IPara...

    1 Community Answer
    Nov 17, 2015 08:54AM UTC
  • Jython Error for Burp Extension

    Hey, I am trying to configure the jython api for Burp Suite and I am getting the following error. Does anyone know what I can do to fix this? root@osboxes:~/jython-burp-api# java -jar jython.jar -Dpython.path=Lib/ run.py -B burp.jar -i -d -v 2015-11-13 00:13:24,298 - BurpExtender - ERROR - Could not load console tab Traceback (most recent call last): File "/root/jython-burp-api/Lib/bu...

    1 Agent Answer    0 Community Answer
    Nov 13, 2015 05:40AM UTC
  • getComment() not returning comment

    Hey, I've wanted to read the comment of a request/response object. I'm using Jython and Java8. It's an implementation of a passive scanner, and the way I wanted to access: self._requestResponse.getComment() If I print the result it is always a None value, despite having set a comment on that particular RR. Tried it with putting the comment on the RR in the Proxy tab as well...

    1 Agent Answer    2 Community Answers
    Nov 04, 2015 11:39AM UTC
  • Extender API broken link

    Hi, the extender page (https://portswigger.net/burp/extender/) has a link to a 2012 post titled "Writing your first Burp Suite extension" at http://blog.portswigger.net/2012/12/writing-your-first-burp-extension.html which has a link with the text "Download the Burp Extender interface files" but that points to https://portswigger.net/burp/extender/api/burp_extender_api.zip whic...

    1 Agent Answer    0 Community Answer
    Oct 20, 2015 08:03AM UTC
  • Intruder view original payload in the results

    Hello! How can i do to view original payload in the results table intruder, before Processing payload rules. I try to do this: [code="python"] def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo): if not messageIsRequest and self._callbacks.TOOL_INTRUDER == toolFlag: messageInfo.setComment("original payload") [/code] But comment ...

    2 Agent Answers    2 Community Answers
    Oct 02, 2015 01:22PM UTC
  • makeHttpRequest is very slow

    Hi all, I'm writing an extension that aims at sending many requests from multiple sessions of different users. Currently, I'm using callbacks.makeHttpRequest(...) to send requests but that method takes a very long time to finish. My server is local and pretty fast, so communication does't take that much of time. Is there any faster way to replace that method? I'm thinki...

    3 Agent Answers    3 Community Answers
    Sep 15, 2015 02:03PM UTC
  • JUnit test with Burp Extensions

    Hi, I'm developing a Burp Extension and want to add some testing. Is there a way to create IHttpRequestResponse objects manual? Or retrieve callbacks during a JUnit test, without starting Burp. I do not really know what to do. Thanks for your help!

    1 Agent Answer    0 Community Answer
    Sep 14, 2015 03:48PM UTC