Burp Extender lets you load Burp extensions, to extend Burp's functionality using your own or third-party code.
Burp extensions can customize Burp's behavior in numerous ways, such as modifying HTTP requests and responses, customizing the UI, adding custom Scanner checks, and accessing key runtime information, including the Proxy history, Target site map and Scanner results.
For help on creating your own Burp extensions, including the extensibility API, see the main extensibility documentation.
The table shows a list of any installed extensions. You can add, remove and reorder extensions using the buttons by the extensions table. Please note:
Selecting an item in the extensions table shows information about that extension in the lower panel.
The Details tab shows the following information:
The Output tab contains details of the extension's standard output stream, and the Error tab contains the same information about the standard error stream. For each stream, you can configure whether the application's output should be directed to the system console, or saved to file, or displayed in the UI. Please note:
This tab contains options for extension settings and the Python environment.
This setting controls how Burp handles extensions when starting up. When Burp starts up, it automatically restores the configured list of available extensions. If this option is selected, Burp will also automatically try to reload any extensions in the list that were loaded at the time when Burp was shut down.
Note: If Burp was shut down with this setting selected, and you nonetheless want to restart Burp without automatically reloading any extensions, then you can start Burp with the command line flag noeextensions. This will prevent Burp from automatically reloading any extensions.
These settings let you configure the environment for executing extensions that are written in Python. To use Python extensions, you will need to download Jython, which is a Python interpreter implemented in Java. The following options are available:
Note: Because of the way in which Jython dynamically generates Java classes, you may encounter memory problems if you load several different Python extensions, or if you unload and reload a Python extension multiple times. If this happens, you will see an error like:
java.lang.OutOfMemoryError: PermGen space
You can avoid this problem by configuring Java to allocate more PermGen storage, by adding a -XX:MaxPermSize option to the command line when starting Burp. For example:
java -XX:MaxPermSize=1G -jar burp.jar