How to setup Jython in BurpSuite

This is an introductory post on how to setup Jython in BurpSuite. Some awesome BurpSuite extensions like AuthMatrix, SAML Editor, etc require Jython.

List of BurpSuite extensions that require Jython (as on Aug 2019)

  • Additional CSRF Checks
  • AuthMatrix
  • Authorize
  • Browser Repeater
  • BurpelFish
  • BurpSmartBuster
  • Custom Parameter Handler
  • Custom Deserializer
  • ElasticBurp
  • Git Bridge
  • Google Hack
  • JSON Decoder
  • Length Extension Attacks
  • LightBulb WAF Auditing Framework
  • MessagePack
  • Multi-Browser Highlighting
  • NMAP Parser
  • Office Open XML Editor
  • Payload Parser
  • PeopleSoft Token Extractor
  • Protobuf Decoder
  • Proxy Action Rules
  • Python Scripter
  • Request Minimizer
  • Request Randomizer
  • Response Clusterer
  • Reverse Proxy Detector
  • SAML Editor
  • SAML Encoder / Decoder
  • Site Map Extractor
  • Site Map Fetcher
  • SpyDir
  • SQLiPy Sqlmap Integration
  • SSL Scanner
  • UPnP Hunter
  • WAF Cookie Fetcher
  • WebSphere Portlet State Decoder
  • Wordlist extractor
  • WordPress Scanner
  • WSDL Wizard
  • Yara

Installing Jython

1. Head over to Jython Downloads page ( and download the standalone version.

2. (Optional) Move it to a location where you store other application / app config files.

3. In BurpSuite, goto Extender -> Options. Then under Python Environment click on the “Select File” button and select the Jython standalone JAR file. Click Open.

4. Jython is configured. You could head over to BApp Store to install your favourite extensions.

Feel free to share this article:
Tweet 20

Leave a Reply

Your email address will not be published. Required fields are marked *