Burp Extender lets you use Burp extensions that have been written by users of BurpSuite to extend Burp’s capabilities.
I wanted to use Burp’s Autorize extension that helps me to detect authorization vulnerabilities, one of the more time-consuming tasks in a web application penetration test.
To do this I first navigated to Burp’s Extender tab and BApp store sub-tab that lists all the available extensions as follows.
Then I clicked on Autorize to install it and it said Jython is required for Burp extension to work and the install button was disabled.
From Burp documentation ,If you are installing a Python extension, you must download the standalone version of Jython. It doesn’t matter if you have installed Jython in your machine via any other ways such as apt-get. So to get the standalone version of Jython, navigate to http://www.jython.org/downloads.html. Download the standalone version as shown below to your machine.
Once it is downloaded, move to the Options sub-tab under Burp’s Extender.
Locate the downloaded jar under Python Environment. Make sure you do not remove the jar file from that specified location.
Now get back to the BApp store and click on Autorize. The install button will now be enabled. Click on install and it will successfully install without any error. A new tab will appear at the right most portion of Burp for Autorize.