Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Burp Extensions

Make a new post

  • Issue Deserializing AMF messages with burpsuite

    I am unable to deserialize AMF messages in response only. I am using the current version of Burpsuite. I have used both the builtin in AMF analyze and display option and the AMFDSer extension. They were only able to deserialize the request sent from the client. I have used both of them together and individually, and tried to use them with previous versions of burp too. None of that worked. Can any...

    0 Community Answer
    Apr 11, 2017 06:34PM UTC
  • Intercept Burp's requests and set authenticated upstream proxy.

    Hi, I want create an extension that will intercept and proxy Burp's requests. I noticed I can implement IHttpListener and override processHttpMessage() and set a new IHttpService for each request. The problem is that I need to set basic auth to the proxy but I can not pass that information to buildHttpService(String host, int port, String protocol); Any ideas? Thanks

    1 Agent Answer    0 Community Answer
    Apr 09, 2017 02:43PM UTC
  • Dynamically Applying Highlight Markers

    Hi, Currently I am working on an extension to dynamically apply markers (user defined) to highlight certain specific areas within requests and responses. This works well if I have an "issue" with only one request-response combo. When encountering issues with multiple requests-responses, I therein stumble upon an error message which reveals that overlapping string indexes, marked f...

    2 Agent Answers    2 Community Answers
    Apr 06, 2017 08:27PM UTC
  • Possible Classpath Issues when using beansbinding (JSR 295)

    Hi everyone I am currently trying to finalize my Burp Suite extension. To bind POJOs to the View (two-way binding) I am using beansbinding respectively betterbeansbinding (JSR 295). When I start my extension via NetBeans or load the extension via classpath (Legacy Java) everything works fine. When I load it via the Burp Suite Extender the two-way binding does not work anymore. I would really l...

    1 Agent Answer    1 Community Answer
    Mar 24, 2017 10:14AM UTC
  • Auto-marking parameters in URL paths in intruder

    The swurg extension allows parsing swagger json files into items in burp that can be then sent to intruder, repeater, or scanner. However, swagger json files allow for parameters inside URL paths. There seems to be no way to construct a URL path that can be auto-marked in the intruder tab. Manually placing ยง in the swagger json file before it is parsed will appear as a different unicode char...

    2 Agent Answers    2 Community Answers
    Mar 13, 2017 10:44PM UTC
  • Binding proxy on custom port programmatically

    In my extension i want to accept all requests on custom port (for example 1337). There is no actual server on my computer, just another tool in the Internet, which would send there requests. I thought about proxy listener, but didnt find, how to bind proxy on port inside my extension. Maybe there is a better way to do it (catch all requests on port 1337 programmatically)?

    1 Agent Answer    0 Community Answer
    Mar 12, 2017 06:01AM UTC
  • Making new custom tab in Intruder

    Hey, guys. I want to make new custom tab like this , but in Intruder, but didnt find API to do it. Is it possible?

    1 Agent Answer    0 Community Answer
    Mar 06, 2017 12:44PM UTC
  • extract all parameters in request before scanner starts

    I need to extract all parameters in request before scanner starts. I know that "doActiveScan" of IScannerCheck interface finds parameters, but parameter names can be extracted after active the scanner starts working. but I need parameter names before scanner starts, so I can select which parameters to scan. I think it can be done with IScannerInsertionPointProvider, but I don't k...

    3 Agent Answers    2 Community Answers
    Feb 28, 2017 05:40AM UTC
  • doActiveScan is not getting called and no Active Scanning is performed

    Hello I'm burp pro user the Issue i'm facing is the doActiveScan is not getting called for the example provided in teh blog When i try to Invoke it manually on the IHttpListener method processHttpMessage callbacks.doActiveScan("********.com", 443, true, messageInfo.getRequest()); the doAct...

    1 Agent Answer    0 Community Answer
    Feb 24, 2017 10:12AM UTC
  • Burp automation encountered error: Attempting to auto-select SSL parameters

    Hi: I built an extension and it is working fine to login, select scope, spider and do active scan. The scan takes a few hours. On windows setting, the scan can finish in 2 and half hour. On linux machine, however, it failed in the middle of the scan: what should I change on the Burp setting? It is the same server Burp is scanning. The difference is Linux Burp and Windows Burp. Thanks...

    1 Agent Answer    0 Community Answer
    Feb 08, 2017 04:19PM UTC