Introduction
Burp Suite is a powerful tool for web application security testing, and its functionality can be significantly enhanced through extensions. The BApp Store is Burp Suite's official marketplace for extensions created by the community and PortSwigger's own team. These extensions can add new scanning capabilities, provide utility functions, or integrate with other tools.
In this lab, you will learn the fundamental process of adding new features to Burp Suite by installing an extension from the BApp Store. We will use 'Logger++', a popular and highly useful extension, as our example.
Navigate to the Extender > BApp Store Tab
In this step, you will open the BApp Store within Burp Suite. The setup process has already launched the Burp Suite application for you. You should see its window on the desktop.
First, locate the main tab bar at the top of the Burp Suite window. You will see tabs like Dashboard, Target, Proxy, etc.
Click on the Extender tab.
Dashboard Target Proxy Intruder Repeater Sequencer Decoder Comparer Extender ...
Once you are in the Extender section, you will see a new set of sub-tabs. Click on the BApp Store tab to view the list of available extensions. It may take a few moments to load as Burp Suite fetches the latest list from the internet.
Select an Extension, such as 'Logger++'
In this step, you will find and select the 'Logger++' extension from the list. The BApp Store contains numerous extensions, sorted by popularity by default.
Scroll through the list of extensions to find 'Logger++'. It is a very popular extension, so it should be near the top of the list.
Once you find 'Logger++', click on its name in the list. The right-hand pane will update to show the details of the extension, including a description, its author, user rating, and version history. Take a moment to read the description to understand its purpose, which is to log all traffic from all Burp Suite tools in a sortable table.
Click the 'Install' Button
In this step, you will install the selected extension.
With the 'Logger++' extension selected and its details visible in the right-hand pane, locate the Install button. This button is typically located in the upper-right corner of the details pane.
Click the Install button.
Burp Suite will download and install the extension. You may see a brief progress bar during the installation. Once the installation is complete, the Install button will change to Reinstall, indicating that the extension is now installed.
Navigate to the Extender > Extensions Tab
In this step, you will navigate to the list of installed extensions to confirm that 'Logger++' has been added.
After the installation is complete, you need to check if Burp Suite has loaded it correctly. To do this, stay within the Extender section but move to a different sub-tab.
Click on the Extensions sub-tab. It is located to the left of the BApp Store tab.
This tab displays a table of all extensions that are currently installed in Burp Suite, whether they came from the BApp Store or were added manually as custom extensions.
Verify the New Extension is Loaded and Active
In this step, you will verify that 'Logger++' is installed, loaded, and ready to use.
In the Extender > Extensions tab, look at the table of installed extensions. You should now see an entry for 'Logger++'.
To the left of the extension's name, there is a checkbox under the "Loaded" column. Ensure this box is checked. A checked box means the extension is active and running. By default, extensions are loaded automatically after installation.
The final confirmation is the appearance of a new tab on Burp Suite's main tab bar. Look at the very top of the window, and you should now see a new tab labeled Logger++. This indicates that the extension has been successfully loaded and has added its own user interface to Burp Suite.
Summary
Congratulations! You have successfully installed a Burp Suite extension from the BApp Store.
In this lab, you learned how to navigate to the BApp Store, search for and select a specific extension ('Logger++'), install it with a single click, and finally, verify that the extension was loaded and active within Burp Suite. This skill is fundamental to customizing the tool and unlocking its full potential for your security testing projects. You can now explore and install other extensions to further enhance your Burp Suite environment.