Burp Suite Extension
The Milou Burp Suite extension is the bridge between your active pentesting session and your Milou assessment. It allows you to instantly push findings, complete with request/response evidence, without leaving Burp Suite.
1. Download
You can download the extension (sidecar.jar):
- Navigate to any Assessment.
- In the top toolbar, look for the Download icon (next to the connection status and token).
- Click it to download the sidecar.jar file.
2. Install in Burp Suite
- Open Burp Suite Professional or Community.
- Navigate to the Extensions tab -> Installed sub-tab.
- Click Add.
- Under Extension Details, select Java as the extension type.
- Click Select file ... and choose the sidecar.jar file you just downloaded.
- Click Next. You should see a success message indicating the extension loaded.
3. Connect to Milou
Once installed, you need to authorize the extension to talk to your specific assessment.
- In Burp Suite, go to the new Milou tab.
- API URL: Enter your Milou instance URL (e.g., https://milou.internal.corp).
- Authentication Token:
  - Navigate to your Assessment in the Milou Dashboard.
  - In the top right corner of the assessment toolbar, you will see a masked token (e.g., abc...xyz).
  - Click the Copy button to copy the full token.
  - Paste it into the extension's Authentication Token field.
- Click Test Connection.
4. Usage
When you find something interesting in Burp (Proxy, Repeater, etc.):
- Right-click the request/response.
- Select Extensions > Milou > Send to Milou.
- In the popup:
  - Project: This should automatically show your connected assessment.
  - Title: Name the finding (e.g., "IDOR in User Profile").
  - Severity: Set the risk level.
  - Description: Add your notes. The HTTP request/response is attached automatically.
- Click Send.
The finding is now immediately available in your Milou assessment for further editing.