Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Burp Extensions

Make a new post

  • Binding proxy on custom port programmatically

    In my extension i want to accept all requests on custom port (for example 1337). There is no actual server on my computer, just another tool in the Internet, which would send there requests. I thought about proxy listener, but didnt find, how to bind proxy on port inside my extension. Maybe there is a better way to do it (catch all requests on port 1337 programmatically)?

    1 Agent Answer    0 Community Answer
    Mar 12, 2017 06:01AM UTC
  • Making new custom tab in Intruder

    Hey, guys. I want to make new custom tab like this https://github.com/PortSwigger/example-custom-editor-tab , but in Intruder, but didnt find API to do it. Is it possible?

    1 Agent Answer    0 Community Answer
    Mar 06, 2017 12:44PM UTC
  • extract all parameters in request before scanner starts

    I need to extract all parameters in request before scanner starts. I know that "doActiveScan" of IScannerCheck interface finds parameters, but parameter names can be extracted after active the scanner starts working. but I need parameter names before scanner starts, so I can select which parameters to scan. I think it can be done with IScannerInsertionPointProvider, but I don't k...

    3 Agent Answers    2 Community Answers
    Feb 28, 2017 05:40AM UTC
  • doActiveScan is not getting called and no Active Scanning is performed

    Hello I'm burp pro user the Issue i'm facing is the doActiveScan is not getting called for the example provided in teh blog http://blog.portswigger.net/2012/12/sample-burp-suite-extension-custom_20.html When i try to Invoke it manually on the IHttpListener method processHttpMessage callbacks.doActiveScan("********.com", 443, true, messageInfo.getRequest()); the doAct...

    1 Agent Answer    0 Community Answer
    Feb 24, 2017 10:12AM UTC
  • Burp automation encountered error: Attempting to auto-select SSL parameters

    Hi: I built an extension and it is working fine to login, select scope, spider and do active scan. The scan takes a few hours. On windows setting, the scan can finish in 2 and half hour. On linux machine, however, it failed in the middle of the scan: what should I change on the Burp setting? It is the same server Burp is scanning. The difference is Linux Burp and Windows Burp. Thanks...

    1 Agent Answer    0 Community Answer
    Feb 08, 2017 04:19PM UTC
  • Burp CSJ

    When I attempt to use this extension using Firefox as the browser, an instance of Firefox shows pops up, hangs around for a while showing no activity, then I get an 'Exception Breakpoint' from Firefox and that's all she wrote. I have never had much luck with CSJ but this is a new low :(. Is there an update / fix for this condition, or a better Ajax crawler (preferably with Burp)? Th...

    1 Agent Answer    0 Community Answer
    Feb 08, 2017 12:32AM UTC
  • Making a request after every Scanner response, depending on the response contents.

    I'm not sure whether this is possible via a mixture of macros / an extension, but here's my problem. I'm trying to scan a request that creates an entry in a database, and the request includes the name of the new entry. The problem is, when running the request through the scanner, it will use the same name each time, and after the first request will result in an error message like...

    1 Agent Answer    0 Community Answer
    Feb 02, 2017 01:32AM UTC
  • burp command line

    Hi, I would like to bring up BURP using command line (without any GUI) for automation. Is there a way to bring it up without a project file? If I do not specify the project file on the command line, it will bring up GUI which I do not want to see. java -jar -Djava.awt.headless=true -Xmx1g burpsuite_file.jar --config-file=file1 --config-file=file2 Thanks

    2 Agent Answers    1 Community Answer
    Jan 31, 2017 03:34PM UTC
  • active scan is waiting

    Hi, I am working on extension that will send the url to do active scan. I noticed the urls I sent are all in "waiting" and need me to manually click "resume". Is there a way to make it scan without manual intervention? Thanks

    4 Agent Answers    4 Community Answers
    Jan 26, 2017 08:07PM UTC
  • registerSessionHandlingAction throwing errors

    Whenever I try to load callbacks.registerSessionHandlingAction(self) I get errors. I've seen other posts which are similar to mine, where Dafydd is able to run the extension without errors. (https://support.portswigger.net/customer/portal/questions/12695799-adding-a-header-with-isessionhandlingaction) I just want to inject a custom header. Here is my code: from burp import IBurpExtender ...

    1 Agent Answer    2 Community Answers
    Jan 26, 2017 05:31PM UTC