
doyensec / Burpdeveltraining

Licence: other
Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"

Programming Languages

java

Projects that are alternatives of or similar to Burpdeveltraining

Headless Burp
Automate security tests using Burp Suite.
Stars: ✭ 192 (-36.42%)
Mutual labels:  burpsuite, burp-plugin
Faraday
Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.
Stars: ✭ 3,198 (+958.94%)
Mutual labels:  security-automation, burpsuite
Burpa
Burp-Automator: A Burp Suite Automation Tool with Slack Integration. It can be used with Jenkins and Selenium to automate Dynamic Application Security Testing (DAST).
Stars: ✭ 427 (+41.39%)
Mutual labels:  security-automation, burpsuite
Burp Unauth Checker
Burp Suite extension to check for unauthorized vulnerabilities
Stars: ✭ 99 (-67.22%)
Mutual labels:  burpsuite, burp-plugin
TurboDataMiner
The objective of this Burp Suite extension is the flexible and dynamic extraction, correlation, and structured presentation of information from the Burp Suite project as well as the flexible and dynamic on-the-fly modification of outgoing or incoming HTTP requests using Python scripts. Thus, Turbo Data Miner shall aid in gaining a better and fas…
Stars: ✭ 46 (-84.77%)
Mutual labels:  burp-plugin, burpsuite
Burp Molly Pack
Security checks pack for Burp Suite
Stars: ✭ 123 (-59.27%)
Mutual labels:  burpsuite, burp-plugin
burp-aem-scanner
Burp Scanner extension to fingerprint and actively scan instances of the Adobe Experience Manager CMS. It checks the website for common misconfigurations and security holes.
Stars: ✭ 60 (-80.13%)
Mutual labels:  burp-plugin, security-automation
Burpsuite Collections
BurpSuite collection: including but not limited to Burp articles, cracked versions, plugins (non-BApp Store), Chinese localization and other related tutorials; contributions welcome---burpsuite-pro burpsuite-extender burpsuite cracked-version hackbar hacktools fuzzing fuzz-testing burp-plugin burp-extensions bapp-store brute-force-attacks brute-force-passwords waf sqlmap jar
Stars: ✭ 1,081 (+257.95%)
Mutual labels:  burpsuite, burp-plugin
flarequench
Burp Suite plugin that adds additional checks to the passive scanner to reveal the origin IP(s) of Cloudflare-protected web applications.
Stars: ✭ 44 (-85.43%)
Mutual labels:  burp-plugin, burpsuite
burp-suite-utils
Utilities for creating Burp Suite Extensions.
Stars: ✭ 19 (-93.71%)
Mutual labels:  burp-plugin, burpsuite
auth analyzer
Burp Extension for testing authorization issues. Automated request repeating and parameter value extraction on the fly.
Stars: ✭ 77 (-74.5%)
Mutual labels:  burp-plugin, burpsuite
googleauthenticator
Burp Suite plugin that dynamically generates Google 2FA codes for use in session handling rules (approved by PortSwigger for inclusion in their official BApp Store).
Stars: ✭ 18 (-94.04%)
Mutual labels:  burp-plugin, burpsuite
Swurg
Parse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments (approved by PortSwigger for inclusion in their official BApp Store).
Stars: ✭ 94 (-68.87%)
Mutual labels:  burpsuite, burp-plugin
Minesweeper
A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Stars: ✭ 162 (-46.36%)
Mutual labels:  burpsuite, burp-plugin
Cstc
CSTC is a Burp Suite extension that allows request/response modification using a GUI analogous to CyberChef
Stars: ✭ 91 (-69.87%)
Mutual labels:  burpsuite, burp-plugin
burp-wildcard
Burp extension intended to compact Burp extension tabs by hijacking them to its own tab.
Stars: ✭ 119 (-60.6%)
Mutual labels:  burp-plugin, burpsuite
Burp Sensitive Param Extractor
Burp Suite extension to check and extract sensitive request parameters
Stars: ✭ 35 (-88.41%)
Mutual labels:  burpsuite, burp-plugin
Burp Suite Error Message Checks
Burp Suite extension to passively scan for applications revealing server error messages
Stars: ✭ 45 (-85.1%)
Mutual labels:  burpsuite, burp-plugin
burp-token-rewrite
Burp extension for automated handling of CSRF tokens
Stars: ✭ 15 (-95.03%)
Mutual labels:  burp-plugin, burpsuite
SQLi-Query-Tampering
SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite's Intruder. This extension gives you the flexibility of manual testing with many powerful evasion techniques.
Stars: ✭ 123 (-59.27%)
Mutual labels:  burp-plugin, burpsuite

Developing Burp Suite Extensions

Doyensec

This repository contains the slides and code for the training "Developing Burp Suite Extensions - From Manual Testing to Security Automation".

Content

  • BurpExtensionTemplate - Empty extension templates for NetBeans, Eclipse and IDEA
  • HelloBurp - Our first Burp extension
  • SiteLogger - Log sitemap and findings to database (MongoDB)
  • ReplayAndDiff - Replay a scan with a fresh session and diff the results
  • DetectSRI - Passive scanner check to detect the use of the Subresource Integrity (SRI) attribute
  • DetectELJ - Active scanner check to detect Expression Language (EL) injection vulnerabilities
  • Bradamsa - Simplified code of the Bradamsa Intruder payloads generator
  • Doyensec_DevelopingBurpSuiteExtensionsTraining.pdf - Full slides of the training (PDF, 155 pages)

All exercises are provided in Java, Python and Ruby.

This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported (CC BY-NC-SA 3.0). You are free to Share and Adapt under the following terms: Attribution, NonCommercial, ShareAlike.

Overview of the class

In this hands-on class, attendees will learn how to design and develop Burp Suite extensions for a variety of tasks. In a few hours, we work on several plugins to improve manual security testing efforts as well as to create fully-automated security tools. This workshop is based on real-life use cases where the extension capabilities of the tool can be unleashed to improve the efficiency and effectiveness of security auditing. As an attendee, you will bring home a full bag of tricks that will take your web security skills to the next level. The class is available in 1-day and 2-day versions.

Audience

Suitable for both web application security specialists and developers. Attendees are expected to have a rudimentary understanding of Burp Suite as well as basic object-oriented programming experience. While Burp extensions are developed live in Java, attendees can work in Python or Ruby since all exercises are also provided in those languages.

Interested?

More details on what to expect from this class can be found on our blog post. We deliver this class during public events (e.g. security conferences) as well as private company workshops. If you're interested in a forthcoming public training or you want to know more about private classes, please contact [email protected]
