Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility

Burp Extensions

Make a new post

  • wsdler and Basic Authentication

    I am using WSDLER against a web service which uses basic authentication. Even with 'Platform Authentication' enabled (Options>Connections) and the correct host/type/username/password set, attempting to parse the WSDL results in a "Can't parse WSDL" error. If I download the verbose version of wsdler (see https://blog.netspi.com/hacking-web-services-with-burp/) the stack ...

    1 Agent Answer    0 Community Answer
    Apr 05, 2016 07:00PM UTC
  • Request/response timing

    Hi, I've been playing with java api to try and extract timing info for intruder sessions. Using the custom logger as a base I'm putting the request url and current time into a map, then when a response is received looking up the url in the map, getting the time and subtracting it from the current time. Is this a reliable way of approaching it? It seems to produce reasonable results.

    1 Agent Answer    0 Community Answer
    Mar 22, 2016 04:37PM UTC
  • Highlighting in extension-generated IScanIssue instances

    Built-in scanner issues can apply highlight to both requests and responses, however I don't see any API to do so in IScanIssue instances generated by extensions. The method getHttpMessages() returns an array of IHttpRequestResponse instances, but that only has a get/setHighlight() used for color highlighting, not the positional highlights used by built-in scan issues. Am I missing something? ...

    1 Agent Answer    1 Community Answer
    Mar 18, 2016 01:05PM UTC
  • Confusion on InsertionPoints / active scan module

    Hi, I'm trying to make the DetectDynamicJS extension an active scanner extension instead of a passive scanner, which it is right now, to adhere to the rule that passive scanners don't issue requests. I'm a little confused about the workings of insertion point / active scan. All the extension needs to do is issue one, or sometimes two requests, which is by the way re-issuing t...

    1 Agent Answer    2 Community Answers
    Mar 18, 2016 10:02AM UTC
  • How to detect active and/or passive scanning activity is done

    Hi, I need help on the Burp Extensions. I would like to generate customized issue reports once active and/or passive scanning activity is done. But how to get ScanQueueItem status or percentage in order to know if the scanning activities are done when the request is triggered by browser, not by Burp Extension itself?

    3 Agent Answers    3 Community Answers
    Mar 17, 2016 03:50AM UTC
  • Burp Extension API - list available proxy interfaces

    I am writing a Burp plugin that helps with proxying devices that do not have configurable proxy settings. To do this, I have the extension intercept DNS queries and respond with an IP address that points to an already running Burp proxy listener. Right now, I have to manually type the address of my Burp proxy. However, it would be convenient to simply have a drop-down of my currently active Burp p...

    2 Agent Answers    1 Community Answer
    Mar 11, 2016 07:39PM UTC
  • Problem in using SQLiPy extender

    Hi, I am getting Importerror while starting SQLiPy.py api. Error thrown is no module named burp. I have loaded jython stand alone jar file. Other python extender like Authorize is working fine. Please do the help.

    0 Community Answer
    Mar 10, 2016 07:32AM UTC
  • Problems with availability of HashMap in doPassiveScan (noob level)

    Hi, First of all sorry for this stupid noob question, but it has been driving me crazy for hours now. Why is "hostHashMap" null in "doPassiveScan"? How can I make hostHashMap available? Many thanks in advance! package burp; import java.awt.Component; import java.io.PrintWriter; import javax.swing.JSplitPane; import java.util.HashMap; import java.util.L...

    1 Agent Answer    0 Community Answer
    Mar 06, 2016 08:10PM UTC
  • burp extensions using makeHttpRequest

    I'm trying to create a python Burp Extension where I new to do an HTTP request. I would like to use makeHttpRequest, however I'm getting the error: "java.lang.RuntimeException: java.lang.RuntimeException: Extensions should not make HTTP requests in the Swing event dispatch thread" How can I fix this? I already tried to create a new thread with the makeHttpRequest but uns...

    1 Agent Answer    0 Community Answer
    Feb 29, 2016 05:08PM UTC
  • Proxy PAC support

    Hello there, A friend and I developed an extension in order to support proxy.pac files: https://github.com/vincd/burpproxypacextension The extension uses the proxy-vole library. Feel free to report bugs and ideas for improvement. Cheers.

    2 Community Answers
    Feb 28, 2016 09:18PM UTC