Burp extension for processing requests and responses with Python.
This branch is even with DanNegrea:master.

PyRules v0.4


PyRules is a Burp Suite extension that provides a simple way to manipulate requests and responses with Python. State is kept between requests/responses in persistent variables, so you can build complex rules in a flexible way.

In each Tab there are three panels:

  1. Console screen: to display short messages and the logged data.

  2. Variable screen: here the persistent variables are defined (optional).

  3. Rules screen: contains the Python script. The script runs with each request/response or on demand by clicking Run once.

Once the setup is complete, you only need to enable the tab and it will do its job.


For manual installation, download from this repository. From within Burp Suite, select Extender, click the Add button, change the Extension type to Python and select

Requirements for usage

Jython version 2.7.0 or greater needs to be imported. More information here:


Variables screen (bottom-left)

Initial values for persistent variables go here.

  • Every edit of the code in the initialization screen (on focus lost) triggers the execution of the code listed here.
  • The state will be maintained when disabling / enabling the tab. To reinitialize the variables click inside this area.

Rules screen (right)

The Python script goes here. This code is executed with each request and response, or on demand by clicking Run once.

Available variables are:

  • callbacks
  • helpers
  • toolFlag
  • messageIsRequest
  • messageInfo
  • log

To understand how to use them, see the provided examples and the API docs.

Notice: The code from the simple example should be used for quick tasks. In the advanced example, the called functions make sure that the content type of the request gets updated.


  1. log(<variable>) can be used to inspect variables. Strings are displayed directly, pprint is used for other objects.

  2. Expressions that need to be computed only once should be moved to the Variables screen. Example: the regular expressions from the simple and advanced examples can be compiled only once:

import re
search_request = re.compile("CSRFtoken=([a-zA-Z0-9]*)")
search_response = re.compile("name=\"CSRFtoken\" value=\"([a-zA-Z0-9]*)\">")
token = ""

  3. To test if the request/response originates from a certain tool, use if toolFlag == callbacks.<tool>, where <tool> can be:
  • other values defined by Burp are here
  • 999 identifies the execution triggered by Run once
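
An added example, not code from the PyRules repository: a rule that stores the CSRF token seen in a response and places it into later requests, reusing the two regular expressions above and recomputing Content-Length when the token length changes. The `state` dict, the `rule` and `demo` functions and the `Fake*` classes are assumptions so the logic runs outside Burp; inside PyRules the body of `rule` would sit in the Rules screen and use the tab's persistent variables.

```python
import re

# Variables screen (taken from the README): compiled once, kept between messages.
search_request = re.compile("CSRFtoken=([a-zA-Z0-9]*)")
search_response = re.compile("name=\"CSRFtoken\" value=\"([a-zA-Z0-9]*)\">")

def remember_token(response_text, current):
    """Return the token found in a response, or the current one if none."""
    m = search_response.search(response_text)
    return m.group(1) if m and m.group(1) else current

def apply_token(request_text, current):
    """Put the stored token into a request and keep Content-Length consistent."""
    if not current:
        return request_text  # nothing captured yet: leave the request untouched
    text = search_request.sub(lambda m: "CSRFtoken=" + current, request_text)
    head, sep, body = text.partition("\r\n\r\n")
    head = re.sub(r"(?im)^(Content-Length:[ \t]*)\d+",
                  lambda m: m.group(1) + str(len(body)), head)  # ASCII body assumed
    return head + sep + body

def rule(helpers, messageIsRequest, messageInfo, state):
    """Rules-screen logic; `state` is a hypothetical stand-in for persistent variables."""
    if messageIsRequest:
        old = helpers.bytesToString(messageInfo.getRequest())
        new = apply_token(old, state["token"])
        if new != old:
            messageInfo.setRequest(helpers.stringToBytes(new))
    else:
        text = helpers.bytesToString(messageInfo.getResponse())
        state["token"] = remember_token(text, state["token"])

class FakeHelpers(object):  # constructed stand-in for Burp's helpers object
    def bytesToString(self, b): return b.decode("latin-1")
    def stringToBytes(self, s): return s.encode("latin-1")
class FakeMessage(object):  # constructed stand-in for Burp's messageInfo object
    def __init__(self, request=b"", response=b""):
        self.request, self.response = request, response
    def getRequest(self): return self.request
    def getResponse(self): return self.response
    def setRequest(self, b): self.request = b

def demo():  # one constructed response, then one constructed request
    state, helpers = {"token": ""}, FakeHelpers()
    page = b'HTTP/1.1 200 OK\r\n\r\n<input name="CSRFtoken" value="abc123XYZ">'
    rule(helpers, False, FakeMessage(response=page), state)
    req = FakeMessage(request=b"POST /transfer HTTP/1.1\r\nHost: example.test\r\n"
                              b"Content-Length: 23\r\n\r\nCSRFtoken=old&amount=10")
    rule(helpers, True, req, state)
    return state["token"], req.request
```
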

Questions or suggestions? @sec3ty

Inspired by

