Extending Burp to Find Struts and XXE Vulnerabilities

Presented at DerbyCon 8.0 Evolution (2018), Oct. 6, 2018, 2 p.m. (25 minutes).

How do you test for Struts vulnerabilities in clients’ web apps? Have you tried writing a Burp plug-in to help? Extending Burp is easier than you might think. We’ll cover Burp Extension programming in Python, the power of Burp’s Collaborator, and adapting Struts and XXE exploits to find vulnerabilities automatically. This will culminate in the discovery of a web app zero day.

