Burp Extensions - Burp Suite User Forum

Accessing Requests of Audit issue with No Response in Burp Suite Using an Extension

I have an issue detected by the issue handler in Burp Suite, where a time-based SQL Injection vulnerability is identified but there's no response in the issue details, only a request. How can I access this request using an...

Extensions Development - Burp Launching and Licensing Issue

Hi All, I am beginning to contribute to a Burp Suite extension and I'm running into some issues debugging. I have followed the instructions in this thread:...

Not able to convert string to JSON object in Burp Extension using Montoya API

Gson gson = new GsonBuilder().setPrettyPrinting().create(); String jsonString = "{ \"name\" : \"John\", \"age\" : \"20\", \"address\" : \"some address\" }"; JsonElement jelem = gson.fromJson(jsonString,...

JWT Editor cannot be loaded anymore

Hi, I installed the Burp Extension "JWT Editor" and used it for a couple of days. Now it is not loaded anymore when I start Burp. I unloaded and reloaded it, removed and re-installed it, JWT Editor is simply not working...

request().url() return value inconsistent

While working on an extension I came across an odd behavior but I'm not sure if it's expected or something with my extension code. It looks like for some reason, the HttpReuqestResponse.request().url() returns different...

sqlpyi

Hi I am trying to install sqlpyi but its not working , i tried many things but its showing sqlmap api is not running.I am using window machine. Colud you help me for this issue. Below some error when i tried to run...

api to toggle request method and body encoding

Hello Is there some api support to toggle http request? I konw the toggleRequestMethod can be use to toggle method from GET and POST，is there some one support toggle param to mutipart param in montoya api(like use it in the...

Are Jython extensions deprecated?

Hello, I was looking into writing an extension, and all of the current documentation seems to indicate it should be done in Java via the new Montoya API. Is Jython support going to go the way of the old extender API?...

How to limit binary response size

Hello I'm developing my extension to scan some backup file, like test.zip.But it will affect the performance when a large binary file be found.Is there some setting or some advices to limit the size of response in burp...

Global keyboard shortcut

Hi, I am writing an extension where it needs to access HttpRequestResponse object attached to currently focused editor from proxy, repeater, intruder tabs etc. I know context menu has this object encapsulated in event...

Fetch selected HTTP request/response without ContextMenu

Hello, thank you for your efforts on Burp's cool MontoyaAPI. I am currently developing an extension, and I would like to retrieve selected HTTP requests or responses from the Proxy History table or any other...

Persistence Ballooning Files

Hi, An extension I've built uses Montoya Persistence quite a lot. I previously ran into an issue where Burp files were ballooning because I was creating new lists every time I needed to save a new item to a list. I...

Get Only Selected Requests in Proxy History

I'm writing an extension using Montoya API. It needs to look at items in the proxy history and do some analysis. I see there is a method to get filtered items: List<ProxyHttpRequestResponse> history(ProxyHistoryFilter...

Using Hackvetor

Good day, in the solution for lab 17, how do we know the xml entity to use is "hex_entities" because there are more than 20 other entities we could use to encode. thank you.

Crawl.statusMessage in Montoya API is "Not yet implemented"

In a project I'm working on, I am trying to automate the scanning of a target in Burp Suite Professional. Because existing solutions like https://github.com/NetsOSS/headless-burp are old and have deprecation issues, I am...

How can i use global variable like fucntionality in burp repeater

I have a request in repeater and i want to store some values from this request as a global variable so that i can use them in other requests. it could be like in a key-value pair and stored in a seprate tab of extension...

Private Burp Collab Server Only Failing 'Verify DNS Interaction"

Hello, I am running into an issue where all checks are successful aside from DNS Verification. I have confirmed my config multiple times, but am still running into the same issue each time. I am using the server...

ClassNotFoundException from extension using Jersey

Dear support, I have written an extension that is using behind the scene Jersey. Jersey is an open source framework for developing RESTful Web Services in Java. It provides support for JAX-RS APIs and serves as a JAX-RS...

Getting the highlighted text in a HttpRequest or Response

Hey, Is it possible with Montoya or any other method in Java to get the highlighted text of a Request/response? I'm wanting to pass/get some highlighted text into a contextmenu event. Appreciate any help!

Folder for loading libraries/modules doesnt seem to work

"java":{ "folder_for_loading_library_jar_files":"path" }, "python":{ "folder_for_loading_modules":"path", "location_of_jython_standalone_jar_file":"path_jython" } This doesn't seem to take effect. I have taken...