Enterprise Edition
Adding extensions to Burp Suite Enterprise Edition
-
Last updated: July 16, 2024
-
Read time: 2 Minutes
When you add extensions to Burp Suite Enterprise Edition, they are uploaded to your Extension library. Users can then apply extensions from this central repository on a site-by-site basis for them to be used during scans.
Prerequisite permissions for adding extensions
Only users with the Manage extensions
permission can add extensions to the library. Initially, this is only assigned to the built-in Administrator
role.
Warning
Be careful when granting this permission to additional users. During a scan, extensions run on your scanning machine with the permissions of the burpsuite
OS user. Therefore, there is a potential security risk if someone inadvertently uploads a fake extension created by a malicious third party.
Adding BApps to Burp Suite Enterprise Edition
To add a BApp:
-
Download the BApp from the BApp Store. Make sure that it is compatible with Burp Suite Enterprise Edition - you can filter the store to make this easier.
-
Log in to Burp Suite Enterprise Edition as a user with permission to manage extensions.
-
From the settings menu , select Extensions to open the Extension library.
-
On the BApp extensions tab, click Upload BApp.
-
Select the
.bapp
file that you downloaded from the BApp Store.
The extension is now in your Extension library. Your users can apply the extension to specific sites to use it during scans.
Adding custom extensions to Burp Suite Enterprise Edition
If you're proficient in Java, you can create your own custom extensions for Burp Suite Enterprise Edition. Learn more about Creating Burp extensions.
To add a custom extension:
-
Log in to Burp Suite Enterprise Edition as a user with permission to manage extensions.
-
From the settings menu , select Extensions to open the Extension library.
-
On the Custom extensions tab, click Upload extension.
-
Select the JAR file for the extension.
-
Enter a name and description for the extension, then click Add.
The extension is now in your Extension library. Your users can apply the extension to specific sites to use it during scans.
Adding BChecks to Burp Suite Enterprise Edition
You can download BChecks created by PortSwigger, and by the Burp Suite community, from the BChecks GitHub repository.
If you have access to Burp Suite Professional, you can also create your own BChecks, enabling you to target your scans and make your testing workflow as efficient as possible. For more information, see Creating BChecks.
To add a BCheck:
-
Log in to Burp Suite Enterprise Edition as a user with permission to manage extensions.
-
From the settings menu , select Extensions to go to the Extension library.
-
On the BChecks tab, click Upload BCheck.
-
Select the BCheck you want to upload.
Files that you want to import should be in plain text format with a
.bcheck
extension.
The extension is now in your Extension library. Your users can apply the extension to specific sites to use it during scans.