The objective of this lecture is to give pentesters and tool developers an overview of the APIs available to extend the Burp Suite intercepting proxy. Using open-source examples developed by the author we will illustrate a number of key areas for anyone wishing to create extensions for Burp Suite:
- Passive scanning
- Active scanning
- Identifying insertion points
- Request modification
The presentation will include code samples and links to actual open source Burp Suite plugins developed by the author.
- Senior Application Security Consultant - CodeMagi, Inc.
August Detlefsen (California) is a Senior Security Consultant who has presented at JavaOne (2008, 2012) as well as AppSec USA (2014, 2015) and is the co‐author of Iron‐Clad Java: Building Secure Web Applications. August also teaches customized secure coding classes for large and small clients.