Burp Proxy Extender Plugin

Burp Proxy Extender Plugin

This plugin is a script developed in Java as an extender to the Burp Proxy API (Pro/Community).

Installation with NGINX and SSL Enable (Auto-Signed Certificate)

To enable Burp Plugin using NGINX and with SSL Enable you need the Name (e.g. server FQDN or YOUR name) that was set on the creation of the NGINX certificate.
$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/faraday.key -out /etc/ssl/faraday.crt )

1. To open /etc/hosts file, execute:
$ sudo nano /etc/hosts
2. Add the following line to the file, save it, and then close it:

      <IP> <Common Name NGINX Cert>


3.
Now, execute the following command:
$ openssl s_client -connect <IP>:443

4.
See the output and save from:
-----BEGIN CERTIFICATE-----
Up to:
-----END CERTIFICATE-----
Into a file with extension .crt

5.
Navigate into:
$ cd <JAVA_HOME>/jre/lib/security

6.
Now execute:
$ keytool -import -v -trustcacerts -alias faraday -file ./<PATH_TO_CERT.CRT> -keystore cacerts

7. If it's all correct, you should navigate to:
      https://<Common_name_nginx>



Normal Installation

To download Faraday's Burp extension, follow this link

Once you have downloaded the extension, open Burp, and follow these steps:

  • Go to Extender -> Extensions and click the Add button.

  • In the Extension Details section, the extension type should be Java, and the extension file should be the path to the faraday-burp-plugin-v2.jar file that you downloaded above.


  • Click Next, and if everything went well, you should see no errors and you can close the window.

  • Now, make sure the extension is loaded in the Extensions tab.


Configuration options

Once the Faraday extension is loaded into your Burp, you will see a new tab called "Faraday".




Here, you can log in to Faraday and you can edit the extension's settings:

Login to Faraday

In order to connect the Faraday's Burp extension to Faraday, follow these steps:

  1. Set your Faraday Server URL. This should point to the same URL that you use when you are connecting to Faraday Server WebUI, (e.g: http://127.0.0.1:5985)

  2. Connect Burp to Faraday by clicking on the Connect button.


  1. Once you are connected, type your Faraday's credentials: username, password, and 2FA Token (if it's the case).

  2. Login into Faraday by click on the Login button. If everything goes well, Burp should pop up a Login successful! modal.



  1. Once you are logged in, you can edit the extension's settings.

Extension Settings


From here, you can:

  1. Choose the workspace where you want to work on.

  2. Choose whether the vulnerabilities should be imported automatically or not (it's disabled by default).

  3. Import the vulnerabilities you've found so far.

  4. Check if you want to use only Burp's scope.

Other Settings


From here, you can Restore Settings to default.

Send to Faraday

Once you have everything set up, you can send the issues or requests to Faraday.



    Still looking for answers? You can try opening a ticket.
      • Related Articles

      • Basic Plugin Development

        This is an example of a Faraday Plugin that process a xml report. Configure Custom Plugins Folder To add custom plugins in faraday you first need to add the path where you have your plugins in the config.ini under server config section. ...
      • Setting up a proxy

        Without logging out of Faraday, open a Terminal window and run these commands: For a proxy with authentication: $ export http_proxy=http://username:password@proxy_host:proxy_port/ $ export https_proxy=$http_proxy $ export faradaysrvip="192.168.1.10" ...
      • Faraday Plugin

        Intro In order to manage, add, and list information stored in faraday, we created fplugin, a simple plugin that allows you to interact directly with our Python API from the command line. It gives Faraday powerful scripting features and allows you to ...
      • Import CSV using faraday_csv Plugin

        With faraday_csv Plugin, you can upload data to Faraday by using CSV files.  Main header: The main headers for faraday_csv Plugin are target or ip. Both columns contain the same information (host's IP). Without any of them, Faraday won't recognize ...
      • A plugin added too much information to my database

        You can go to the Manage - Vulns tab in the Web GUI, filter the vulnerabilities by whichever parameter you'd like, select them all and then click on Delete to remove them from the database. If you know which tool brought the information you want to ...