Skip to content
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
44 lines (32 sloc) 1.4 KB

Burp Suite Plugin

Tplmap is able to run as a Burp Suite Extension.


Load with following conditions.

  • Burp Suite edition: Professional
  • The Python modules required for Tplmap are installed.
    • PyYaml
    • requests
  • Extension type: Python

An example of a simple setup procedure:

  1. Install Jython by installer
$ wget '' -O jython_installer.jar
$ java -jar jython_installer.jar -s -d /path/to/install/jython -t standard
  1. Install additional Python modules
$ cd /path/to/install/jython
$ ./bin/pip install PyYaml requests
  1. Run your Burp Suite
  2. Open Jython file chooser dialog [Extender] - [Options] - [Python Environment] - [Location of the Jython standalone JAR file]
  3. Choose the file /path/to/install/jython/jython.jar
  4. Load as Python type burp extension


Configure scanning option from 'Tplmap' tab, and do an active scan.


Only the detection feature of Tplmap is available. Exploitation feature is not implemented, use Tplmap CLI.

The --injection-tag option is also not available, because this extension follows Burp's Insertion Point setting.

If you need the --injection-tag option, you can use Scan manual insertion point extension.

You can’t perform that action at this time.