Burp Suite is a popular web security testing tool that helps you secure web applications by testing and validating vulnerabilities. It’s a comprehensive platform for performing security assessments on web applications, and its extensibility is one of its key features.
Burp Suite extensions are add-ons that allow you to customize and extend the functionality of Burp Suite. These extensions can be written in any JVM-compatible language, including Java, Python, and Ruby.
Writing a Burp Extension in Ruby
Burp extensions can be written in 3 languages - Java, Python, and Ruby. Since Burp is a Java app, in order to write extensions in Python you need Jython and in Ruby you need JRuby. For this example, we’ll use Ruby.
Step 1 - Downloading JRuby
The first step is to download JRuby from https://jruby.org/download.
For this example we will be using the latest - 9.
Excited to see AuthHeader Updater on a list of awesome burp extensions!
Excited to release Auth Header Updater today – a Burp extension to update Authorization headers during a scan and also guest post about it on ihackthings.online.
Read more about it at ihackthings.online or chs.us.
Source code and plugin available on GitHub.
Just whipped together a new Burp extension called perfmon (not to be confused with the Windows tool of the same name). I was really interested in the resource usage of Burp while doing certain activities.
It adds a new tab to Burp and samples every 5 seconds:
Current and max number of threads in use
Current and max memory used
Current and max memory allocated
Ticker to set how often the stats update.
This is the first part in a series that I plan to write on how to create Burp extensions. I became interested in writing Burp extensions at a previous company where we were fortunate enough to be given time to do research presentations and then present them to our peers. My first presentation topic was to write an Active Scanning extension in Burp that would look for XXE (XML External Entity Injection).
Just finished my talk about extending Burp at Derbycon VII. Thanks to everyone that attended! I’m really thankful for the opportunity to present on the topic.
The Details:
Slides –
Video in Slides (Slide 14)
Source Code – https://github.com/sampsonc/searchplusplus
Video of the Presentation
I’d love to hear any comments/questions.