Abstract

Assessing modern web applications can be a challenge. Burp Suite, the industry standard assessment tool, offers integrated extensions that facilitate the assessment process. This hands-on workshop will teach how to write a custom Burp Suite extension in Python.

Target Audience

This workshop was specifically created for participants with a technical background, like penetration tester or developers, who would like to take their testing technique a step further and add custom automation to it. Basic experiences with Burp Suite and Python is recommended to follow the course.

Details

The modern web application landscape continuously offers more technologies and possibilities to realise a multitude of tasks, applications and workflows. Therefore, being able to adapt to changing demands is a valuable skill. To fulfil this Burp Suite, the industry standard in web application penetration testing, brings a variety of extensions provided for many common use cases. Burp Suite also offers the possibility to create and customise extensions for specific needs, especially for automated scan functionalities. The workshop will start off with common use cases, in which extensions can help to fulfil a specific task and from there on continues to writing, configurating and testing a custom extension. This includes the use of Burp's APIs, building the necessary code structure as well as testing the code to ensure stability and proper integration with automated scan functionalities. After the workshop the attendees will be capable to create an extension on the fly for any specific need in the future.

Agenda

• Introduction/Goals
• Overview of Burp Workflows
• Structure of Extensions
• Extension Creation
• Extension Testing
• Conclusion