Customizing Burp Suite - Getting the most out of your extensions

Presented at AppSec USA 2014, Sept. 19, 2014, 1 p.m. (45 minutes)

The objective of this lecture is to give pentesters and tool developers an overview of the APIs available to extend the Burp Suite intercepting proxy. Using open-source examples developed by the author we will illustrate a number of key areas for anyone wishing to create extensions for Burp Suite: - Passive scanning - Active scanning - Identifying insertion points - Request modification The presentation will include code samples and links to actual open source Burp Suite plugins developed by the author.

Presenters:

• August Detlefsen - Senior Application Security Consultant - CodeMagi, Inc.
  August Detlefsen (California) is a Senior Security Consultant who has presented at JavaOne (2008, 2012) as well as AppSec USA (2014, 2015) and is the co‐author of Iron‐Clad Java: Building Secure Web Applications. August also teaches customized secure coding classes for large and small clients.

Links:

• https://owaspappsecusa2014.sched.com/event/1onUSEj/customizing-burp-suite-getting-the-most-out-of-your-extensions

Similar Presentations:

• AppSec USA 2015 / Customizing Burp Suite - Getting the Most out of Burp Extensions
• DerbyCon 7.0 Legacy (2017) / Burping for Joy and Financial Gain
• ToorCon San Diego TwentyOne (2019) / Mocking HTTP Services with Burp