Introduction
Burp Discord Activity represents a handcrafted Burp Suite extension that bridges security testing workflows with social presence through Discord Rich Presence integration.
Repository: github.com/Hunt3r0x/burp-discord-activity
This extension was developed through manual coding and reverse engineering of the Burp Suite Montoya API, providing real-time monitoring and broadcasting of Burp Suite tool activities. For security professionals, penetration testers, and bug bounty hunters, understanding this extension is crucial for:
- Extending Burp Suite capabilities through custom extension development
- Implementing real-time activity monitoring and Discord integration
- Understanding Discord IPC communication and Rich Presence protocols
- Developing thread-safe extensions with minimal resource footprint
- Building professional security tools with clean, efficient code
This guide covers the manual development process, technical implementation details, real-world challenges faced, and solutions developed through hands-on experience.
Extension Overview
Burp Discord Activity is a lightweight Burp Suite extension that captures HTTP traffic and broadcasts activity via Discord Rich Presence.
🔗 GitHub Repository: github.com/Hunt3r0x/burp-discord-activity
The extension was built from scratch using the Montoya API, focusing on simplicity, performance, and reliability.
Characteristics
- Real-time Discord Rich Presence updates based on HTTP traffic monitoring
- Minimal resource usage with smart traffic throttling
- Project name integration from Burp Suite projects
- Discord game timer showing session duration
- Automatic idle detection after 5 minutes of inactivity
- Thread-safe implementation with proper resource management
- Hand-optimized for heavy traffic scenarios
Impact
- Workflow Transparency: Real-time visibility into testing activities for team collaboration
- Professional Presence: Enhanced Discord presence during security work
- Activity Tracking: Automatic monitoring of target domains and tool usage
- Performance Optimization: Smart throttling prevents resource exhaustion during scans
- Extension Development Reference: Clean code architecture for Burp Suite extensions
Technical Deep Dive
Core Architecture
The extension was designed with a minimal, efficient architecture focusing on essential functionality:
- BurpDiscordActivity: Main extension class implementing BurpExtension and HttpHandler
- DiscordRPCManager: Handles Discord IPC connection and Rich Presence updates
- ToolState: Simple enum for tool state management
Root Cause Analysis
During development, several technical challenges were identified and solved:
- Missing Listener APIs: Montoya API 2025.12 lacks tool-specific listeners
- Performance Issues: Initial implementations caused high CPU usage during traffic spikes
- Memory Leaks: Poor resource management in early versions
- Discord Connection Issues: IPC connection instability and reconnection challenges
Technical Implementation
Main Extension Class
/**
* Minimal Burp Suite Discord Rich Presence extension.
* Vibe coded by @imXhandle | notrubberduck.space
* Show off your Burp Suite work on Discord with style!
*/
public class BurpDiscordActivity implements BurpExtension, HttpHandler {
private MontoyaApi api;
private DiscordRPCManager discordRPC;
private ScheduledExecutorService scheduler;
private String lastHost = "None";
private boolean isActive = false;
private long lastActivityTime = 0;
private boolean hasSeenTarget = false;
private String projectName = "Untitled Project";
private long lastUpdateTime = 0;
private static final long UPDATE_THROTTLE_MS = 1000;
private long requestCount = 0;
private long lastTrafficCheck = 0;
private long sessionStartTime = 0; // Track when Burp session started
@Override
public void initialize(MontoyaApi api) {
this.api = api;
this.sessionStartTime = System.currentTimeMillis(); // Start session timer
// Manual project name extraction with error handling
try {
projectName = api.project().name();
if (projectName == null || projectName.isEmpty()) {
projectName = "Burp Project";
}
} catch (Exception e) {
projectName = "Burp Project";
api.logging().logToError("Could not get project name: " + e.getMessage());
}
discordRPC = new DiscordRPCManager(api.logging()::logToError);
api.http().registerHttpHandler(this);
api.extension().registerUnloadingHandler(() -> shutdown());
// Manual scheduler setup with daemon threads
scheduler = Executors.newSingleThreadScheduledExecutor(r -> {
Thread t = new Thread(r, "Discord-Updater");
t.setDaemon(true);
return t;
});
scheduler.scheduleAtFixedRate(this::updatePresence, 0, 30, TimeUnit.SECONDS);
api.logging().logToOutput("Burp Discord Activity loaded - Project: " + projectName);
api.logging().logToOutput("Vibe coded by @imXhandle | notrubberduck.space");
}
}
Smart Traffic Throttling System
@Override
public RequestToBeSentAction handleHttpRequestToBeSent(HttpRequestToBeSent request) {
String host = request.httpService().host();
if (host != null && !host.isEmpty()) {
lastHost = host;
hasSeenTarget = true;
isActive = true;
lastActivityTime = System.currentTimeMillis();
// Manual scope detection
boolean inScope = api.scope().isInScope(request.url());
if (inScope) {
lastHost = host;
}
// Hand-coded smart throttling based on traffic volume
requestCount++;
long currentTime = System.currentTimeMillis();
// Reset traffic counter every 10 seconds
if ((currentTime - lastTrafficCheck) > 10000) {
requestCount = 0;
lastTrafficCheck = currentTime;
}
// Manual throttle adjustment based on traffic analysis
long throttleTime = UPDATE_THROTTLE_MS;
if (requestCount > 100) {
throttleTime = 3000; // Heavy traffic
} else if (requestCount > 50) {
throttleTime = 2000; // Medium traffic
}
if ((currentTime - lastUpdateTime) > throttleTime) {
lastUpdateTime = currentTime;
updatePresence();
}
}
return RequestToBeSentAction.continueWith(request);
}
Discord Integration Layer
/**
* Simple Discord Rich Presence manager.
* Vibe coded by @imXhandle | notrubberduck.space
* Professional Discord integration for Burp Suite
*/
public class DiscordRPCManager {
private static final String CLIENT_ID = "1457114543028437112";
private final DiscordRPC rpc;
private final AtomicBoolean connected = new AtomicBoolean(false);
private final ScheduledExecutorService scheduler;
private final Consumer<String> errorLogger;
private String lastStatus = "";
private String lastHost = "";
public DiscordRPCManager(Consumer<String> errorLogger) {
this.rpc = DiscordRPC.INSTANCE;
this.scheduler = Executors.newSingleThreadScheduledExecutor(r -> {
Thread t = new Thread(r, "DiscordRPC");
t.setDaemon(true);
return t;
});
this.errorLogger = errorLogger;
connect();
}
private void connect() {
try {
DiscordEventHandlers handlers = new DiscordEventHandlers();
handlers.ready = (user) -> connected.set(true);
handlers.disconnected = (errorCode, message) -> connected.set(false);
// Manual Discord initialization with proper parameters
rpc.Discord_Initialize(CLIENT_ID, handlers, true, null);
connected.set(true);
// Keep connection alive with manual callback scheduling
scheduler.scheduleAtFixedRate(rpc::Discord_RunCallbacks, 0, 2, TimeUnit.SECONDS);
} catch (Exception e) {
errorLogger.accept("Failed to connect to Discord: " + e.getMessage());
}
}
public void updatePresence(String status, String host, String projectName, long sessionStartTime) {
// Vibe coded by @imXhandle | notrubberduck.space
// Skip duplicate updates for performance
if (status.equals(lastStatus) && host.equals(lastHost)) {
return;
}
lastStatus = status;
lastHost = host;
if (!connected.get()) return;
try {
DiscordRichPresence presence = new DiscordRichPresence();
presence.details = projectName; // Project name as main title
// Add game timer (start timestamp) but no custom session timer text
presence.startTimestamp = sessionStartTime;
// Clean display without custom session timer
if (host.equals("None") || host.isEmpty()) {
presence.state = status + " • No target";
} else {
presence.state = status + " • " + host;
}
presence.largeImageKey = "burpsuite_icon";
presence.largeImageText = "Burp Suite by @imXhandle";
rpc.Discord_UpdatePresence(presence);
} catch (Exception e) {
connected.set(false);
errorLogger.accept("Failed to update Discord: " + e.getMessage());
}
}
}
Data Flow Architecture
// Manual data flow implementation
1. HTTP Request → Burp Suite HttpHandler
2. Extract host and check scope manually
3. Apply smart throttling based on traffic analysis
4. Update Discord Rich Presence with project name
5. Handle connection errors gracefully
6. Display results in Discord desktop app
Development Challenges & Solutions
Challenge 1: Missing Tool Listeners
Problem: Montoya API 2025.12 lacks ProxyListener, RepeaterListener, IntruderListener interfaces
Solution: Implemented HttpHandler with smart detection patterns
// Manual tool detection through URL patterns and scope analysis
private boolean isInScope(String url) {
return api.scope().isInScope(url);
}
Challenge 2: Performance Under Heavy Traffic
Problem: Initial implementation caused 100% CPU during scans with 1000+ requests
Solution: Hand-coded smart throttling system
// Manual traffic analysis and throttling
if (requestCount > 100) {
throttleTime = 3000; // Reduce updates during heavy traffic
}
Challenge 3: Discord Connection Instability
Problem: Discord IPC connections dropped frequently during long sessions
Solution: Manual connection management with callback scheduling
// Keep Discord connection alive manually
scheduler.scheduleAtFixedRate(rpc::Discord_RunCallbacks, 0, 2, TimeUnit.SECONDS);
Supported Versions & Components
Burp Suite Compatibility
- Burp Suite Professional: 2023.10+ (with Montoya API)
- Burp Suite Community: 2023.10+ (with Montoya API)
- Java Runtime: JDK 17 or higher required
- Tested Versions: Montoya API 2025.11 and 2025.12
Dependencies & Libraries
- Montoya API:
montoya-api-2025.12.jar(local file) - Discord RPC:
java-discord-rpc-2.0.1-all.jar(bundled) - Build System: Gradle 9.1.0
- Java Version: JDK 17+
Extension Architecture
// Simplified component diagram
BurpDiscordActivity (Main)
├── DiscordRPCManager (Communication)
│ ├── DiscordRPC rpc
│ ├── AtomicBoolean connected
│ └── ScheduledExecutorService scheduler
├── HttpHandler Implementation
│ ├── Smart throttling logic
│ ├── Scope detection
│ └── Traffic analysis
└── ToolState (Constants)
├── PROXY, IDLE
└── display name mappings
Vector 3: Idle Detection System
private void updatePresence() {
// Vibe coded by @imXhandle | notrubberduck.space
// Manual idle detection (5 minutes = 300000 ms)
long now = System.currentTimeMillis();
if (isActive && (now - lastActivityTime) > 300000) {
isActive = false;
}
String status = isActive ? "Proxy" : "Idle";
// Always show the last target we've seen, even when idle
String targetToShow = hasSeenTarget ? lastHost : "None";
discordRPC.updatePresence(status, targetToShow, projectName, sessionStartTime);
}
Development Techniques
Manual Extension Setup
Development Environment Configuration
# Manual pentesting session with Discord updates
1. Start Burp Suite with extension loaded
2. Begin proxying traffic through target application
3. Discord shows: "Client Project • Proxy • target.com"
4. Switch targets → Discord shows "Client Project • Proxy • new.target.com"
5. Run automated scan → Extension handles 1000+ requests smoothly
6. Go idle for 5 minutes → Discord shows "Client Project • Idle • target.com"
7. Discord game timer shows elapsed session time
Team Collaboration
// Manual team coordination through Discord presence
{
"details": "Client Assessment Project",
"state": "Proxy • api.target.com",
"timestamps": {
"start": 1641024000000
},
"assets": {
"large_image": "burpsuite_icon",
"large_text": "Burp Suite by @imXhandle"
}
}
Performance Protection
Smart Traffic Throttling
// Real traffic throttling implementation (from actual code)
// Smart throttling based on traffic volume
requestCount++;
long currentTime = System.currentTimeMillis();
// Reset traffic counter every 10 seconds
if ((currentTime - lastTrafficCheck) > 10000) {
requestCount = 0;
lastTrafficCheck = currentTime;
}
// Adjust throttle based on traffic volume
long throttleTime = UPDATE_THROTTLE_MS;
if (requestCount > 100) {
throttleTime = 3000; // 3 seconds for heavy traffic
} else if (requestCount > 50) {
throttleTime = 2000; // 2 seconds for medium traffic
}
if ((currentTime - lastUpdateTime) > throttleTime) {
lastUpdateTime = currentTime;
updatePresence();
}
Resource Management
// Real resource cleanup (from actual code)
private void shutdown() {
if (scheduler != null) scheduler.shutdown();
if (discordRPC != null) discordRPC.shutdown();
api.logging().logToOutput("Burp Discord Activity unloaded - @imXhandle | notrubberduck.space");
}
Error Handling Strategies
Discord Connection Management
// Real error handling for Discord (from actual code)
try {
DiscordRichPresence presence = new DiscordRichPresence();
presence.details = projectName;
presence.startTimestamp = sessionStartTime;
presence.state = status + " • " + host;
presence.largeImageKey = "burpsuite_icon";
presence.largeImageText = "Burp Suite by @imXhandle";
rpc.Discord_UpdatePresence(presence);
} catch (Exception e) {
connected.set(false);
errorLogger.accept("Failed to update Discord: " + e.getMessage());
}
API Error Handling
// Real API error handling (from actual code)
try {
projectName = api.project().name();
if (projectName == null || projectName.isEmpty()) {
projectName = "Burp Project";
}
} catch (Exception e) {
projectName = "Burp Project";
api.logging().logToError("Could not get project name: " + e.getMessage());
}
Extension Installation
Manual Installation Process
-
Clone the Repository
git clone https://github.com/Hunt3r0x/burp-discord-activity.git cd burp-discord-activity -
Locate the Built Extension
# The extension JAR will be created at: build/libs/BurpDiscordActivity-1.0.0.jar -
Install in Burp Suite
- Open Burp Suite
- Navigate to Extensions → Installed
- Click Add button
- Select the JAR file:
build/libs/BurpDiscordActivity-1.0.0.jar - Click Open to install
-
Verify Installation
- Check that "Burp Discord Activity" appears in your extensions list
- Look for the loading message in Burp Suite console:
Burp Discord Activity loaded - Project: [Your Project Name] Vibe coded by @imXhandle | notrubberduck.space
-
Configure Discord Connection
- Open Discord desktop app
- The extension should automatically connect and show your Burp activity
-
Test the Extension
- Start proxying traffic through Burp Suite
- Check your Discord status - it should show:
Your Project Name Proxy • target.com Extension
Download & Installation: Get the latest version from GitHub Repository
Conclusion
The Burp Discord Activity extension demonstrates the power of manual extension development using the Burp Suite Montoya API. Through hand-coded optimization and real-world testing, this extension provides reliable Discord Rich Presence integration with minimal resource usage.
Try it yourself: github.com/Hunt3r0x/burp-discord-activity
Contributions, issues, and feature requests are welcome!