Extension loaded in BurpSuite but not working

Question

Extension loaded in BurpSuite but not working

cybernova opened this issue 4 years ago · 17 comments

Hi,

I've loaded the extension in BurpSuite with no errors, but when requesting a resource with a 403 response, I don't see any other requests in the Proxy HTTP History.

I'm doing something wrong?

Thanks

Answer 1 · 2020-12-05T06:34:10.000Z

You ‘re doing fine. Normally, requests from any extension will not be logged to HTTP History. You can check Extender -> Output of any extension for more info.

Answer 2 · 2020-12-05T06:43:37.000Z

I don't see any output in the Extender -> Output section of the extension either.

Answer 3 · 2020-12-05T07:42:12.000Z

I don't see any output in the Extender -> Output section of the extension either.

Did you choose the extension you want to check output? Then you can refresh 403 page, and recheck output tab.

Answer 4 · 2020-12-05T08:21:20.000Z

Yes, I've done many times what you describe but still not working. No output and no error.

I'm using BurpSuite v2020.9.1 on Kali Linux

Answer 5 · 2020-12-05T08:24:13.000Z

@cybernova could you install Flow plugin and check the Burp outgoing traffic? (IMPORTANT: Flow plugin must be last item in "Burp extensions" list)

Answer 6 · 2020-12-05T08:29:59.000Z

@MMquant Ok, I tried but I don't see any useful output in Flow plugin tab. I've refreshed the 403 page, intercepted by the proxy but nothing.

Answer 7 · 2020-12-05T08:38:35.000Z

@cybernova could you

Screenshot your dashboard tab
Visit 403 page in browser
Screeshot the Flow tab (not Flow in Extender ... Flow has its own tab)

Answer 8 · 2020-12-05T08:45:34.000Z

@MMquant Sorry I didn't see the Flow tab, I was focusing on the Extender.

You can see the 403 resource requested.

Answer 9 · 2020-12-05T10:15:53.000Z

@cybernova i see, try to add “Live audit from proxy”.
Guide:
https://portswigger.net/burp/documentation/desktop/scanning/live-scans

Answer 10 · 2020-12-05T10:19:36.000Z

@sting8k Live audit can be enabled only with the Pro version which I don't have.

Answer 11 · 2020-12-05T15:16:58.000Z

@cybernova Try this: Right-click on any 403 request, Send to Passive scan. I am not sure if it is available on community version.

Answer 12 · 2020-12-05T15:28:26.000Z

@sting8k Nope, all the scan activities are not available for the Community version. So you guys tested the extension on the Pro version?

Answer 13 · 2020-12-05T15:44:46.000Z

@cybernova Yeah, I am using Pro version. I think you can use another tool like: https://github.com/lobuhi/byp4xx

Answer 14 · 2020-12-05T15:49:26.000Z

@sting8k Yes, I use that tool now. Thank you anyway

Answer 15 · 2020-12-06T07:39:34.000Z

i can't install it, how to fix?

Answer 16 · 2020-12-06T08:17:00.000Z

@zinminphyo0 you have to use not the Jython-installer.jar but the Jython-standalone.jar version

Answer 17 · 2020-12-06T08:58:26.000Z

It working , thank you so much @ cybernova