eLearnSecurity Blog

Developing Burp Suite Extensions

Coming off the back of Fuzzing with Google‘s success – this month, eLearnSecurity‘s technical webinar series returns for its latest installment.

We invite you to join us on May 16th 2017, at 1PM ET, as we take on one of the most widely used tools in web app pentesting: Burp Suite. And no, this isn’t some measly Intro to Burp tutorial. Guided by Doyensec’s Luca Carettoni, we will be unleashing Burp’s power by showing you how to make full use of the tool’s extension capabilities.

Everyone’s favorite security tool

First of all, what is Burp Suite? Burp is an intuitive, easy-to-use (not to mention, free*) web application tool that allows even beginners to get started with scanning vulnerabilities, verifying attack vectors, intercepting traffic, and so much more.

The real fun, however, begins with Burp’s high customizability – there are a ton of tweaks and features associated with it that still makes it a must-have software for even the most experienced pentesters.

One such feature – the one that we’ll cover thoroughly on May 16th – is its extensibility.

Burp’s extension APIs add extra functionality, allowing users to initiate actions like scanning and spidering, provide custom Intruder payloads and payload processors, and customize placement of attack insertion points within scanned requests. It also allows users to create many different types of scripts to suit their own needs and improve their tests’ effectiveness and efficiency.

Building with Security

Diving into Burp Suite extensions with us is Luca Carettoni (@lucacarettoni). Luca was formerly a Senior Application Security Manager at LinkedIn. Earlier this year, he left his Mountain View gig to found Doyensec, a security research and development company focused on vulnerability discovery and remediation.

If his career venture still isn’t the reason why his name rings a bell, then you should know that Luca is also the author of ‘Burp Suite Starter,’ a hands-on, practical guide for beginners to help them get up and running with…well, Burp Suite.

Luca is also one of the speakers at the Black Hat USA 2017 Briefings, and will be presenting ‘Electronegativity – A Study of Electron Security.’ Want a free ticket to Las Vegas to attend BH USA? Check out MISSION: Black Hat USA!

Not up to speed?

We’ll go deep into Burp Suite’s extension features at the webinar, so you might want to brush up on your Burp knowledge while waiting. Three of the eLearnSecurity training courses cover Burp Suite, to varying degrees – Penetration Testing Student v3, Penetration Testing Professional v4, and Web Application Penetration Testing v2.

The courses include modules on the basics of using the tool, as well as guides for setting up and using various tools such as the Burp Spider, Repeater, Proxy, and more.

You can get your free access to the PTSv3, PTPv4, and WAPTv2 course demos at the jump.

If that’s not enough for you, you can also Google for an eLearnSecurity PTS invite code. You might be lucky enough to find one hidden in various discussion forums or even one of our social channels! Happy hunting!

Feel the Burp!

We go live with ‘Developing Burp Suite Extensions‘ on May 16th 2017 at 1:00 PM ET. Step on the gas and register now to Burp with us!

Tags: , , , , , ,

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Go to top of page