Extending Burp

Presented at DerbyCon 7.0 Legacy (2017), Sept. 22, 2017, 4:30 p.m. (25 minutes)

Burp is one of the most popular tools used in dynamic web application testing with a lot of great features built-in. It also provides an API that lets you extend it further. It can be intimidating when starting to write an extension, but once you get going it’s not too bad. This talk will walk through an example of creating a Burp extension that uses several different features of the API. Carl Sampson is a product security engineer for Salesforce. He has 20 years of experience between development and application security and has worked in a number of organizations across the insurance and marketing sectors. He lives in central Indiana with his wife and three children. He has a passion for automation, tools development, and is the cofounder and leader of the Indy OWASP chapter. @chs

Presenters:

• Carl Sampson

Links:

• https://www.derbycon.com/friday-schedule/#event-66

Similar Presentations:

• DerbyCon 8.0 Evolution (2018) / Extending Burp to Find Struts and XXE Vulnerabilities
• ToorCon San Diego TwentyOne (2019) / Mocking HTTP Services with Burp
• DerbyCon 7.0 Legacy (2017) / Burping for Joy and Financial Gain