Customizing Burp Suite - Getting the most out of your extensions

Presented at AppSec USA 2014, Sept. 19, 2014, 1 p.m. (45 minutes)

The objective of this lecture is to give pentesters and tool developers an overview of the APIs available to extend the Burp Suite intercepting proxy. Using open-source examples developed by the author we will illustrate a number of key areas for anyone wishing to create extensions for Burp Suite: - Passive scanning - Active scanning - Identifying insertion points - Request modification The presentation will include code samples and links to actual open source Burp Suite plugins developed by the author.

Presenters:

  • August Detlefsen - Senior Application Security Consultant - CodeMagi, Inc.
    August Detlefsen (California) is a Senior Security Consultant who has presented at JavaOne (2008, 2012) as well as AppSec USA (2014, 2015) and is the co‐author of Iron‐Clad Java: Building Secure Web Applications. August also teaches customized secure coding classes for large and small clients.

Links: