Extensions Burp Suite Enterprise Edition

  • Last updated: September 9, 2021

You can add extensions to Burp Suite Enterprise Edition to implement custom scan behaviors and capabilities. For example, you can create and add your own custom scan checks.

There are two different types of extension:

  • BApp extensions - BApp extensions, or "BApps" for short, are community-written extensions that we have reviewed against a set of quality guidelines. You can download all approved BApps for free from our BApp Store. Note that not all BApps are compatible with Burp Suite Enterprise Edition.

  • Custom extensions - Custom extensions are any extensions that you have not downloaded from the BApp Store.

You manage extensions by adding them to your extension library. Users can then apply extensions from the library on a site-by-site basis so that they are used during scans.

Extension library

The extension library is a collection of all extensions that you have made available to your users. To access the extension library, from the settings menu, select Extensions.

The library is split into two tabs, one for managing BApps and another for managing your custom extensions. From here, you can:

Adding extensions to Burp Suite Enterprise Edition

You add all extensions to Burp Suite Enterprise Edition from the extension library.

Prerequisite permissions for adding extensions

Only users with the Manage extensions permission can add extensions to the library. Initially, this is only assigned to the built-in Administrator role.

Warning

Be careful when granting this permission to additional users. During a scan, extensions run on your agent machine with the permissions of the burpsuite OS user. Therefore, there is a potential security risk if someone inadvertently uploads a fake extension created by a malicious third party.
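
One way to act on this warning is to vet every extension file before it reaches the library. The script below is an added example, not PortSwigger code: it checks a JAR against an allowlist of SHA-256 digests recorded at review time and flags bundled native libraries or nested archives. The allowlist, the suffix list, and the sample JARs are assumptions constructed for illustration.

```python
import hashlib
import io
import zipfile

# File types inside a JAR that deserve manual review before upload (a heuristic
# chosen for this example): native libraries and nested archives.
REVIEW_SUFFIXES = (".so", ".dll", ".dylib", ".jnilib", ".jar")


def vet_extension(jar_bytes, approved_sha256):
    """Return a list of findings; an empty list means the file may be uploaded."""
    findings = []
    digest = hashlib.sha256(jar_bytes).hexdigest()
    if digest not in approved_sha256:
        findings.append(f"sha256 {digest} is not on the approved list")
    try:
        with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
            names = jar.namelist()
    except zipfile.BadZipFile:
        findings.append("not a valid JAR (ZIP) archive")
        return findings
    if not any(n.endswith(".class") for n in names):
        findings.append("archive contains no .class files")
    for name in names:
        if name.lower().endswith(REVIEW_SUFFIXES):
            findings.append(f"bundled binary needs review: {name}")
    return findings


def build_jar(entries):
    """Build a constructed sample JAR in memory from {path: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for path, content in entries.items():
            jar.writestr(path, content)
    return buf.getvalue()


# Constructed samples: the reviewed build and a look-alike with an extra native library.
REVIEWED = build_jar({"burp/BurpExtender.class": b"\xca\xfe\xba\xbe reviewed"})
LOOKALIKE = build_jar({"burp/BurpExtender.class": b"\xca\xfe\xba\xbe reviewed",
                       "native/libhelper.so": b"\x7fELF"})
APPROVED = {hashlib.sha256(REVIEWED).hexdigest()}

if __name__ == "__main__":
    for label, blob in (("reviewed", REVIEWED), ("look-alike", LOOKALIKE)):
        print(label, vet_extension(blob, APPROVED) or "OK to upload")
```

In practice the approved digests would be recorded by whoever reviewed the extension source, and the check would run on the exact file about to be uploaded.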

Adding a BApp to Burp Suite Enterprise Edition

To add a BApp:

  1. Download the BApp from the BApp Store. Make sure that it is compatible with Burp Suite Enterprise Edition - you can filter the store to make this easier.

  2. Log in to Burp Suite Enterprise Edition as a user with permission to manage extensions.

  3. From the settings menu, select Extensions to open the extension library.

  4. On the BApp extensions tab, click Upload BApp.

  5. Select the .bapp file that you downloaded from the BApp Store.

  6. The extension is added to your library. Your users can now apply the extension to specific sites so that it can be used during scans.

Adding a custom extension to Burp Suite Enterprise Edition

To add a custom extension:

  1. Log in to Burp Suite Enterprise Edition as a user with permission to manage extensions.

  2. From the settings menu, select Extensions to open the extension library.

  3. On the Custom extensions tab, click Upload extension.

  4. Select the JAR file for the extension.

  5. Enter a name and description for the extension, then click Add.

  6. The extension is added to your library. Your users can now apply the extension to specific sites so that it can be used during scans.

Using extensions in Burp Suite Enterprise Edition

Once you have added an extension to your library, users can apply it to one or more sites. This means it will be used whenever a scan runs on that site.

Applying an extension to a new site

You can apply extensions while creating a new site. Under Additional settings, go to the Extensions section. Use the drop-down menu to select an extension from your library.

Applying an extension to an existing site

To apply an extension to an existing site, select the site and go to the Details tab. Click Edit, then scroll down to the Extensions section. Use the drop-down menu to select an extension from your library.

Viewing extension details

In the extension library, the list of installed extensions displays basic information about each one, such as when it was added, the version number, and so on. You can also click the question mark icon next to the name of each extension to view a detailed description of it.

Removing an extension

To stop using an extension for a particular site, go to the site's Details tab, scroll down to the Extensions section, then select the trash can icon next to the extension that you want to remove.

To remove an extension from Burp Suite Enterprise Edition completely, go to the extension library, then click the trash icon next to the extension. This extension will no longer be available for selection when editing or creating a site. It will also be removed from any sites that it was previously applied to.

Note

If you remove an extension while a scan is in progress, the scan will continue to use the extension until it is finished.

Creating a custom extension for Burp Suite Enterprise Edition

You create custom extensions for Burp Suite Enterprise Edition in the same way as for Burp Suite Professional or Community Edition. Please refer to the extensibility documentation for detailed instructions and some examples.

Note

Currently, Burp Suite Enterprise Edition only supports Java extensions.