View profile

What's happening in the Burp-verse - Issue #6

What's happening in the Burp-verse - Issue #6
By Burp Suite Guide • Issue #6 • View online
Hello Burp Suite heroes 👋,
I hope you and your family got vaccinated and are doing good.
This newsletter issue was made possible because of your love, support, and feedback. To appreciate that, I have added a surprise with this newsletter issue.
Read till the end to find it out 😉.
If you got this newsletter for the first time, welcome onboard!!! Signing up for the newsletter was your first step in becoming the up-to-date hero of Burp Suite.
Now let’s continue.

Releases
This stable release contains massive updates to Intruder. Check out newsletter issue #5, where I described some of those updates.
Blog Posts
To describe Seltzer extension is one line, I would say it’s like Carbonator extension for Burp 2.0. As Carbonator is no longer maintained and doesn’t support some Burp 2.0 features, I wouldn’t be wrong if I tell Seltzer is the proud successor of Carbonator.
Seltzer is a wrapper around Burp’s REST and can launch Burp scans from the command-line. It’s easy to use and can help Burp Suite fit into your CI pipelines for DAST scanning.
To know more, read the article.
This article by JumpSec Labs introduces you to the Python Scripter extension and some sample scripts to alter HTTP requests (GET and POST).
I feel the Hackvertor extension can tackle some scenarios described in the article. But if you want more flexibility and logic-based request modification, then Python Scripter might be the extension you are looking for.
To know more, read the article.
Extensions
This extension makes an OPTIONS request and determines if any other HTTP methods are available. If available, highlights the request in the Burp Proxy tab and comments the HTTP methods.
xxux11 ᯲ ̸ on Twitter
A simple yet powerful extension by Abdul Wahab (from Ebryx) helps decrypt AES encrypted traffic on the fly. This extension requires the secret key and initialization vector for the traffic to be decrypted/encrypted.
Once configured, the extension takes care of all the encryption and decryption in the background, and you can continue fuzzing the plain decrypted text in Burp Repeater and Intruder.
Read AES Killer - Usage Guide to know more about the extension.
Source: https://n00b.sh/posts/aes_killer-usage-guide/
Source: https://n00b.sh/posts/aes_killer-usage-guide/
Tweets
Burp Suite has made HTTP/2 the default protocol to use (starting from v2021.4.2). While it helps connect with new web servers, fasten intruder bruteforce and active scans, this setting seems to have some issues.
sanjay on Twitter
Burp Suite extension “Turbo Intruder” doesn’t seem to support HTTP/2.
Akash Hamal on Twitter
Rohit has started #BurpHacksForBounties series where he shares a Burp hack each day. Click on the above Twitter hashtag to see his recent tweets.
Rohit on Twitter
Others
I always wanted to give Burp Suite Enterprise Edition a try - see how it works (security scan multiple websites and manage it) along with its look and feel. But every time I planned to request a trial, I would procrastinate. 🤦‍♂️
Portswigger has made it even easier to see how Enterprise Edition looks like. You obviously cannot start a scan on your websites; however, you can see the different features in Burp Suite Enterprise.
If you liked it and want to see it in full action, request a trial.
Finally
Thank you for subscribing to my newsletter. You made it possible for this newsletter to cross the 100 subscribers milestone!!! 🎉 🎉
So I am giving away the “Hands-On Application Penetration Testing with Burp Suite” book for free to a lucky subscriber. This book is by far the most recent and knowledgeable book on Burp Suite.
You are just two steps away from winning this book. To participate in this giveaway:
  1. Make sure you follow Burp Suite Guide on Twitter & LinkedIn
  2. Tweet (on Twitter) or post (on LinkedIn) why you liked this newsletter and why others should subscribe to this as well.
Don’t forget to add the link https://newsletter.burpsuite.guide/ and the hashtag #burpsuiteguide
The winner will be announced in 2 weeks. Hurry up!!
Looking forward to giving you this amazing book.
Until next time 👋
Did you enjoy this issue?
Burp Suite Guide

Your guide to all things Burp Suite !

If you don't want these updates anymore, please unsubscribe here.
If you were forwarded this newsletter and you like it, you can subscribe here.
Powered by Revue