View profile

What's happening in the Burp-verse - Issue #7 📰

What's happening in the Burp-verse - Issue #7 📰
By Burp Suite Guide • Issue #7 • View online
Hi,
I hope this issue finds you well. 
In the last few weeks, there seems to be a trend in the Burp-verse. All of a sudden, there are blog posts about an underrated Burp feature. Maybe it’s a coincidence, but who knows 😉.
(More on the trend in Blog Posts section)
Also, we have a winner for the book giveaway.

Releases
Burp Professional / Community 2021.6 released!
Good news, early adopters!
Hex view is back 😎
Few more updates:
  • HTTP/2 enabled for extensions. (I think the Turbo Intruder issue mentioned in the last newsletter issue is now solved.)
  • Minor update to the Extender APIs (after a long time). Extension developers can force their extensions to use HTTP/1 by setting “forceHttp1” to true.
  • Bug fixes as usual.
Blog Posts
As mentioned in the introduction, I see a trend in the blog posts recently released. Most of these fascinating blog posts cover Burp Macros.
Burp Macros: What, Why & How?
Akshita Gupta, as the blog title says, explains Burp macros and gives an example by using macros to solve a Web Security Academy lab.
If you don’t know about macros, I would highly recommend reading this blog post to get started.
Automating Burp Suite series
Divyanshu Shukla, on the other hand, has started a blog series that explains the different scenarios where you can use Burp macros.
Check out his blog series:
1. Capturing CSRF Token Via Macro 
2. Automated Authenticated Login and Scanning via Macro
3. Understanding And Customising Custom Header From Response Via Burp Macro — Writing Own Burp Extension
How to activate Burp Suite inside Docker image?
Activating Burp Suite Pro inside a docker image is problematic for anyone trying to introduce Burp in their pipelines. I have documented two ways to solve it. I hope you find it helpful :)
Extensions
HopLa by Alexis Danizan (from Synacktiv)
If I were to describe this extension in a single line, it’s this.
HackBar + PayloadsAllTheThings + Auto-Completion = HopLa
This extension adds auto-completion support and useful payloads in Burp Suite to make your manual fuzzing in Repeater easier.
Source: https://github.com/synacktiv/HopLa
Source: https://github.com/synacktiv/HopLa
Others
Great getting started resources for new users of Burp Suite Professional
A “great” curated list of resources to learn Burp Suite Pro. Resources include Youtube videos, blog posts, and more.
Check them out to learn more on Burp Pro.
Some of the best Burp extensions - as chosen by you
A small blog post by PortSwigger containing the top five favorite Burp extensions (based on the replies to NahamSec’s tweet).
Burp Suite Cheat Sheet v1.0
This SANS cheatsheet was published sometime back. A two-page cheat sheet contains the most useful hotkeys, extensions, and more.
Finally
In the last issue, I posted about giving away the fabulous book - Hands-On Application Penetration Testing with Burp Suite to one lucky email subscriber.
The winner is Shivankar Madaan for his tweet.
Stay tuned for more giveaways!
Don’t forget to follow Burp Suite Guide on Twitter or LinkedIn to get instant updates on Burp Suite
Until next time 👋
Did you enjoy this issue?
Burp Suite Guide

Your guide to all things Burp Suite !

In order to unsubscribe, click here.
If you were forwarded this newsletter and you like it, you can subscribe here.
Powered by Revue