Unlock enhanced API scanning with Burp Suite Enterprise Edition  –  Learn more

Enterprise Edition

Adding extensions to Burp Suite Enterprise Edition

  • Last updated: July 16, 2024

  • Read time: 2 Minutes

When you add extensions to Burp Suite Enterprise Edition, they are uploaded to your Extension library. Users can then apply extensions from this central repository on a site-by-site basis for them to be used during scans.

Prerequisite permissions for adding extensions

Only users with the Manage extensions permission can add extensions to the library. Initially, this is only assigned to the built-in Administrator role.

Warning

Be careful when granting this permission to additional users. During a scan, extensions run on your scanning machine with the permissions of the burpsuite OS user. Therefore, there is a potential security risk if someone inadvertently uploads a fake extension created by a malicious third party.

Adding BApps to Burp Suite Enterprise Edition

To add a BApp:

  1. Download the BApp from the BApp Store. Make sure that it is compatible with Burp Suite Enterprise Edition - you can filter the store to make this easier.

  2. Log in to Burp Suite Enterprise Edition as a user with permission to manage extensions.

  3. From the settings menu , select Extensions to open the Extension library.

  4. On the BApp extensions tab, click Upload BApp.

  5. Select the .bapp file that you downloaded from the BApp Store.

The extension is now in your Extension library. Your users can apply the extension to specific sites to use it during scans.

Adding custom extensions to Burp Suite Enterprise Edition

If you're proficient in Java, you can create your own custom extensions for Burp Suite Enterprise Edition. Learn more about Creating Burp extensions.

To add a custom extension:

  1. Log in to Burp Suite Enterprise Edition as a user with permission to manage extensions.

  2. From the settings menu , select Extensions to open the Extension library.

  3. On the Custom extensions tab, click Upload extension.

  4. Select the JAR file for the extension.

  5. Enter a name and description for the extension, then click Add.

The extension is now in your Extension library. Your users can apply the extension to specific sites to use it during scans.

Adding BChecks to Burp Suite Enterprise Edition

You can download BChecks created by PortSwigger, and by the Burp Suite community, from the BChecks GitHub repository.

If you have access to Burp Suite Professional, you can also create your own BChecks, enabling you to target your scans and make your testing workflow as efficient as possible. For more information, see Creating BChecks.

To add a BCheck:

  1. Log in to Burp Suite Enterprise Edition as a user with permission to manage extensions.

  2. From the settings menu , select Extensions to go to the Extension library.

  3. On the BChecks tab, click Upload BCheck.

  4. Select the BCheck you want to upload.

    Files that you want to import should be in plain text format with a .bcheck extension.

The extension is now in your Extension library. Your users can apply the extension to specific sites to use it during scans.

Was this article helpful?