Customizing Burp Suite - Getting the Most out of Burp Extensions

Presented at AppSec USA 2015, Sept. 24, 2015, 11:30 a.m. (55 minutes)

This presentation will provide an overview of developing extensions for the Burp Suite intercepting proxy. Using examples from extensions developed by the author we will discuss a number of key areas for anyone wishing to develop extensions for Burp Suite: - Request modification - Passive scanning - Active scanning - Identifying insertion points - Integrated graphical user interface tab

Presenters:

  • August Detlefsen - Senior Application Security Consultant - CodeMagi, Inc.
    August Detlefsen (California) is a Senior Security Consultant who has presented at JavaOne (2008, 2012) as well as AppSec USA (2014, 2015) and is the co‐author of Iron‐Clad Java: Building Secure Web Applications. August also teaches customized secure coding classes for large and small clients.
  • Monika Morrow - Senior Security Consultant - AppSec Consulting
    Monika Morrow is a Senior Security Consultant at AppSec Consulting. She has four years of experience testing mobile and web applications built on top of a foundation of six years developing software. Having transitioned from a builder to a breaker she enjoys occasionally writing tools to automate tasks or add functionality. An active member of the community you can usually find Monika at monthly dc408 meetings or planning an event for DEF CON.

Links: