Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Burp Extensions

Make a new post

  • Pasting dynamic generated text into an intercepted HTTP request / response

    Hi everyone I am attempting to add a new feature to my extension. Basically I would like to add dynamic generated text (for instance plain HTML) into an intercepted HTTP request or response. Currently I am not sure what is the best (or easiest) way to achieve this. It would be nice if I am able to implement it like the following: 1. The user enables the HTTP interceptor 2. The user sele...

    1 Agent Answer    1 Community Answer
    Oct 29, 2016 02:22PM UTC
  • ISessionHandling - detect if proxy is clicked in the tools scope (programmitacally) - Java

    Hello, I would like to know, if there is a solution for detecting, if the checkmark is clicked on "Proxy (use with caution)" in the session handling rule editor (programatically) ? I am using the ISessionHandling interface to manipulate some requests and I have one method which should be only called, when the checkmark is clicked (something like isProxyActive...). I also would li...

    3 Agent Answers    3 Community Answers
    Oct 27, 2016 07:10AM UTC
  • Type is showing up as "Legacy Java" ??

    Hi, I am just starting to learn about writing extensions for Burp and am using Eclipse/Java. I have built and run my first "Hello World" extension and am wondering why Burp is showing it as "Legacy Java" on the Extender/Extensions tab. Is it because I have added the BurpSuite jar to my project by going to Project->Properties on the top toolbar, selecting "Java Build ...

    1 Agent Answer    0 Community Answer
    Oct 25, 2016 04:58PM UTC
  • decoding/encoding http request

    Hello, I want to use following request to send it to the server!. /**********************************************/ POST /vaadin_vulnerabilities/UIDL/?v-uiId=2 HTTP/1.1 Host: localhost:8080 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0 Iceweasel/43.0.4 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0....

    1 Agent Answer    0 Community Answer
    Oct 19, 2016 12:56PM UTC
  • Intruder/Payload pattern-matching algorithms

    Hello everyone, I have to "copy" some of the functionalities within burp for writing my own extension. This includes the "Intruder" tab aswell. To be honest the "Intruder" tab in burp is really really amazing. It automatically preselects some variables which can be interesting for you. You are also able to add variables in a manual way. What I need to know is h...

    1 Agent Answer    0 Community Answer
    Oct 18, 2016 01:40PM UTC
  • IHttpRequestResponse - setRequest(byte[] message)

    I am currently working on writing my own extension for burp suite: I get an exception when using the "setRequest(byte[] message)"from the IHttpRequestResponse interface, which looks like: java.lang.UnsupportedOperationException: Data is read only at burp.wgf.setRequest(Unknown Source) at burp.BurpExtender.sendRequest( at burp.BurpExtender$1$1.actionPerform...

    2 Agent Answers    1 Community Answer
    Oct 13, 2016 12:50PM UTC
  • Debug Java-Project

    Hello, I am writing my own extension for burp and I was wondering if someone could tell me, if there is a way I can use the debug mode in my eclipse project to detect bugs etc.? The current situation is that whenever I change something in my code, I build a new .jar file and add this to burp. Best regards, Nazar Medeiros

    1 Agent Answer    2 Community Answers
    Oct 12, 2016 01:15PM UTC
  • Modifying message

    Hi, I,m writing an extension which decrypt requests and responses and send it to Proxy-Intercept tab. So, I want to modify this message,ecrypt it and send forward, but message what is modified will not changed. In example below rsp_msg2 = response.to_a (after modifying in intercept tab). How can I get modified in proxy-intercept tab message? Ruby code: def processProxyMessage(messageIsReque...

    2 Agent Answers    2 Community Answers
    Sep 30, 2016 09:02AM UTC
  • Burp Suite 1.7 and carbonator

    Hi, we were using Burp Suite Pro with Carbonator extension for a long before and it was working well as we have automated scans by launching it from command line. From version 1.7 we had to make some changes in script, looks like scan is working, but report which is generated is empty, shows no issues. Instead, Burp suite shows vulnerabilities in application, but it is not reflected in report at ...

    1 Agent Answer    0 Community Answer
    Sep 27, 2016 09:33AM UTC
  • Burp scanner: how to add support for csrf tokens

    I'm having an issue with the Burp Scanner: when anti-csrf tokens are present, it seems the scanner cannot handle it and it faild to perform active/passive scans. Would it be possible through Burp Extension capabilities to add a feature so Burp checks each requests, extracts the CSRF token, and adds it to the submittion request? Thanks,

    3 Agent Answers    2 Community Answers
    Sep 23, 2016 12:23PM UTC