| |||||
| |||||
Search Irongeek.com:
Help Irongeek.com pay for bandwidth and research equipment: |
Burp Suite has created a name for itself as arguably one of the go-to weapons
of choice for web application pentesters, but one of its best features is
consistently being ignored: the ability to append or modify functionality
through the use of burp extensions. Extensions as a feature have introduced
users to numerious possibilities, and have given opportunities to easily develop
functionality that’s necessary to complete required test related tasks. With all
that is available through Burp extensibility, why have we not seen its users
contribute functionality to the same degree as community driven projects such as
MetaSploit or the Nmap Scriptability Engine? In this presentation, James Lester
and Joseph Tartaro will debut their campaign, which focuses on building demand,
support, and an overall desire around the creation of Burp extensions in the
hope of bringing extensibility to the forfront of web application testing. As a
team, James and Joseph will begin by outlining the current demand, capabilities,
and limitations while introducing up to a dozen extensions they created that
presently utilize all current accessible functionality within the extensibility
suite. Along with the release of these extensions, a campaign will be presented
to organize and develop an extension community that documents tool primers,
lessons learned, and tips/tricks, along with hosting extensions and tools
catered to Burp. As a team, Joseph and James will showcase the benefits to their
approach, which include increased efficiency and a simplified way to write new
scripts. During development of this talk, James and Joseph took into
consideration that re-use is a key factor and development techniques were used
to help test user adaptation. Something learned isn't research until it's
shared, and they plan to put this statement to practice utilizing B-Sides as a
perfect tool to help collect data, convey interests, and share results.
15 most recent posts on Irongeek.com:
|
If you would like to republish one of the articles from this site on your
webpage or print journal please contact IronGeek.
Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast