This talk will mark the an official release and demonstration a new tool which exposes the entire BurpSuite Extender API over a combination of HTTP and WebSockets. BurpSuite is a great tool for application security assessments and the Burp Extender API exposes an extraordinary amount of functionality for users to build their own plugins. However, these plugins must be written in Java, Python, or Ruby. Additionally, restrictions on these languages while running on the JVM can be frustrating. By executing via HTTP and WebSockets, plugins can be written in any language and can run entirely independent from BurpSuite, allowing for unlimited functionality. We will discuss the previous projects which inspired this, functionality of the API, and some client demonstrations written in various languages. Some practical and some that are just awesome for the sake of being awesome.

Back to Derbycon 2014 video list