Jun 1, 2021

What's happening in the Burp-verse - Issue #7 📰

By Burp Suite Guide • Issue #7 • View online

Hi,

I hope this issue finds you well.

In the last few weeks, there seems to be a trend in the Burp-verse. All of a sudden, there are blog posts about an underrated Burp feature. Maybe it’s a coincidence, but who knows 😉.

(More on the trend in Blog Posts section)

Also, we have a winner for the book giveaway.

Releases

Burp Professional / Community 2021.6 released!

Good news, early adopters!

Hex view is back 😎

Few more updates:

HTTP/2 enabled for extensions. (I think the Turbo Intruder issue mentioned in the last newsletter issue is now solved.)
Minor update to the Extender APIs (after a long time). Extension developers can force their extensions to use HTTP/1 by setting “forceHttp1” to true.
Bug fixes as usual.

Blog Posts

As mentioned in the introduction, I see a trend in the blog posts recently released. Most of these fascinating blog posts cover Burp Macros.

Burp Macros: What, Why & How?

Akshita Gupta, as the blog title says, explains Burp macros and gives an example by using macros to solve a Web Security Academy lab.

If you don’t know about macros, I would highly recommend reading this blog post to get started.

Automating Burp Suite series

Divyanshu Shukla, on the other hand, has started a blog series that explains the different scenarios where you can use Burp macros.

Check out his blog series:

1. Capturing CSRF Token Via Macro

2. Automated Authenticated Login and Scanning via Macro

3. Understanding And Customising Custom Header From Response Via Burp Macro — Writing Own Burp Extension

How to activate Burp Suite inside Docker image?

Activating Burp Suite Pro inside a docker image is problematic for anyone trying to introduce Burp in their pipelines. I have documented two ways to solve it. I hope you find it helpful :)

Extensions

HopLa by Alexis Danizan (from Synacktiv)

If I were to describe this extension in a single line, it’s this.

HackBar + PayloadsAllTheThings + Auto-Completion = HopLa

This extension adds auto-completion support and useful payloads in Burp Suite to make your manual fuzzing in Repeater easier.

Source: https://github.com/synacktiv/HopLa

Others

Great getting started resources for new users of Burp Suite Professional

A “great” curated list of resources to learn Burp Suite Pro. Resources include Youtube videos, blog posts, and more.

Check them out to learn more on Burp Pro.

Some of the best Burp extensions - as chosen by you

A small blog post by PortSwigger containing the top five favorite Burp extensions (based on the replies to NahamSec’s tweet).

Burp Suite Cheat Sheet v1.0

This SANS cheatsheet was published sometime back. A two-page cheat sheet contains the most useful hotkeys, extensions, and more.

Finally

In the last issue, I posted about giving away the fabulous book - Hands-On Application Penetration Testing with Burp Suite to one lucky email subscriber.

The winner is Shivankar Madaan for his tweet.

Stay tuned for more giveaways!

Don’t forget to follow Burp Suite Guide on Twitter or LinkedIn to get instant updates on Burp Suite

Until next time 👋

Did you enjoy this issue?

By Burp Suite Guide

Your guide to all things Burp Suite !

Tweet

Share

If you don't want these updates anymore, please unsubscribe here.

If you were forwarded this newsletter and you like it, you can subscribe here.