Extensibility API

The extensibility API is extremely rich and powerful, and lets extensions carry out numerous useful tasks. You can:

New to Extender?

'Writing your first Burp Suite extension' includes sample stub code that you can use to base your extension on.

Read More

BApp Store

Numerous extensions written by Burp users are available to install from the BApp Store.

Read More

API Documentation

View the full technical details for the latest Burp API, within the online Javadoc.

To view or save a copy of the interface code files for your version of Burp, go to Extender / APIs.

Note: Prior to v1.5.01, Burp exposed a much more restricted legacy API.

Sample extensions to get you started

Below are some examples of simple extensions, including examples using Java, Python and Ruby. You can also view the source code for all BApp Store extensions on our GitHub page.

Name Description Get File
Hello world This is a very simple extension that prints some output to various locations within Burp.
Event listeners This extension registers listeners for various runtime events, and prints a message when each event occurs.
Traffic redirector This extension redirects all outbound requests from one host to another.
Custom logger This extension adds a new tab to Burp's user interface, and displays a log of HTTP traffic for all Burp tools, in the style of Burp's Proxy history.
Custom editor tab This extension adds a new tab to Burp's HTTP message editor, in order to handle an unsupported data serialization format.
Custom scan insertion points This extension provides custom attack insertion points for active scanning, allowing Burp's scanning engine to work with an unsupported data serialization format.
Custom scanner checks This extension implements custom checks to extend the capabilities of Burp's active and passive scanning engines.
Custom session tokens This extension demonstrates working with custom session tokens that Burp normally doesn't understand.
Intruder payloads This extension provides custom Intruder payloads and payload processing.

Burp Community

For more help and examples of Burp extensions, you can refer to the Burp Extensions community discussions in the Support Center.

Get more help

Note: Because of the way in which Jython and JRuby dynamically generate Java classes, you may encounter memory problems if you load several different Python or Ruby extensions, or if you unload and reload an extension multiple times. If this happens, you will see an error like:

java.lang.OutOfMemoryError: PermGen space

You can avoid this problem by configuring Java to allocate more PermGen storage, by adding a -XX:MaxPermSize option to the command line when starting Burp. For example:

java -XX:MaxPermSize=1G -jar burp.jar