Modifying and Building Burp Extensions

by DG under appsec, burp
Context Last week James Kettle (@albinowax) released a blog post/whitepaper on the PortSwigger blog titled Cracking the Lens: Targeting HTTP's Hidden Attack-Surface. In short, it's about probing hidden systems that make up modern day application infrastructures by submitting intentionally malformed requests. If you haven't read it yet, I would recommend you check it out. A link to the post can be found here. Like Kettle's release last year, Backslash Powered Scanning, this one came with another great open source Burp extension, collaborator-everywhere. The source for which can be found here. This post uses the extension above as an example,
Read More