LESSER KNOWN BURP EXTENSIONS
NEELU TRIPATHY
MARKET
• Replicator
• SAML Raider
• Logger++
• Active Scan++
• WSDLER
• Software Vulnerability Scanner
• Backslash
REPLICATOR
• Pentesting focused
• Replicates a PoC for developers
• Used twice: before and after the fix is applied
• One vector per instance
• Especially where encoding/fuzzing is involved
• Developer: should understand it is just a PoC; the underlying bug can have variations
• Per finding: a per-user session macro
MODES
TESTER MODE
• Immediate PoC from Burp Suite
• Input from Other Tabs > Replicator
• Regex: Specify Expressions Manually
• Create Session Macro
• Scrub cookies
• Test All
• Save to replicator.json
DEVELOPER MODE
• Load replicator.json
• Use inbuilt session macros
• Works across environments (dev, pre-prod, etc.)
• Clearing Cookies > Test All
• Apply Fix
• Test All
WHEN TO USE
Proof of concept
Team awareness: developers, test teams, security testing
As a substitute for documentation: incremental testing
LIMITATIONS
Not exhaustive: Cross-Site Scripting, SQL Injection, permutational issues
WAF in place
DEMO
SAML RAIDER
• Roland Bischofberger and Emanuel Duss
• Security Assertion Markup Language
• SSO and federated logins
• Assertions from the IdP
• XML attacks (XXE, etc.)
• Signature manipulation (tampering attributes, replay, re-signing, etc.)
• Certificate stripping
• Issues:
  – Authentication bypass
  – Authorization bypass
  – Privilege escalation
SAML STRUCTURE
ATTACK SURFACE
• Sign the message
• Sign the assertion
• Sign the assertion and later sign the message
• Tampering public keys and certificates
• Service Provider and Identity Provider
EXAMPLES
• Tampering
• Signature wrapping
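The two example attacks above, tampering and signature wrapping (XSW), as an added example that is not SAML Raider's code: a toy SAML-like response, a service provider that verifies the signature but reads the subject from the first `Assertion` it finds, and a hardened one that only consumes the element it actually verified. Assumptions, labelled: no XML namespaces, and an HMAC-SHA256 over the serialised assertion standing in for XML-DSig (RSA plus C14N); the verification/extraction split, not the primitive, is the point.

```python
"""Added example (not SAML Raider's code): why XML Signature Wrapping works.
Toy SAML-like <Response> without namespaces; HMAC-SHA256 over the serialised
<Assertion> stands in for XML-DSig (assumption for this example)."""
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

IDP_KEY = b"idp-signing-key-constructed-for-this-example"


def canonical(elem):
    """Serialise an element with its enveloped <Signature> removed."""
    c = copy.deepcopy(elem)
    c.tail = None
    for sig in c.findall("Signature"):
        c.remove(sig)
    return ET.tostring(c, encoding="utf-8")


def sign_assertion(assertion, key=IDP_KEY):
    """IdP side: enveloped signature that references the assertion by ID."""
    mac = hmac.new(key, canonical(assertion), hashlib.sha256).hexdigest()
    sig = ET.SubElement(assertion, "Signature")
    ET.SubElement(sig, "Reference", URI="#" + assertion.get("ID"))
    ET.SubElement(sig, "SignatureValue").text = mac


def idp_response(subject):
    resp = ET.Element("Response")
    a = ET.SubElement(resp, "Assertion", ID="a1")
    ET.SubElement(a, "Subject").text = subject
    sign_assertion(a)
    return ET.tostring(resp, encoding="utf-8")


def verify_signature(doc, key=IDP_KEY):
    """Return the element whose signature checks out, or None. This is the
    common pattern: find *a* Signature, follow its Reference URI to an
    element by ID, check the MAC over that element."""
    sig = next(doc.iter("Signature"), None)
    if sig is None:
        return None
    ref = sig.find("Reference")
    ref_id = (ref.get("URI", "") if ref is not None else "").lstrip("#")
    target = next((e for e in doc.iter() if e.get("ID") == ref_id), None)
    if target is None:
        return None
    expected = hmac.new(key, canonical(target), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig.findtext("SignatureValue", "")):
        return None
    return target


def sp_vulnerable(xml_bytes):
    """Signature valid -> trust the first Assertion in the document."""
    doc = ET.fromstring(xml_bytes)
    if verify_signature(doc) is None:
        return None
    return doc.findtext(".//Assertion/Subject")


def sp_hardened(xml_bytes):
    """Only consume data from the element that was verified, require it to be
    a direct child of Response, and refuse documents with extra Assertions."""
    doc = ET.fromstring(xml_bytes)
    verified = verify_signature(doc)
    if verified is None or verified.tag != "Assertion":
        return None
    if len(list(doc.iter("Assertion"))) != 1 or verified not in list(doc):
        return None
    return verified.findtext("Subject")


def xsw_wrap(xml_bytes, new_subject="admin"):
    """Attacker: keep the signed assertion intact but move it out of the way,
    and put an unsigned one where the SP will look first."""
    doc = ET.fromstring(xml_bytes)
    original = doc.find("Assertion")
    doc.remove(original)
    evil = ET.Element("Assertion", ID="evil")
    ET.SubElement(evil, "Subject").text = new_subject
    doc.insert(0, evil)
    ET.SubElement(doc, "Extensions").append(original)
    return ET.tostring(doc, encoding="utf-8")


def tamper(xml_bytes, new_subject="admin"):
    """Attacker: edit the signed assertion in place without re-signing."""
    doc = ET.fromstring(xml_bytes)
    doc.find("Assertion/Subject").text = new_subject
    return ET.tostring(doc, encoding="utf-8")


if __name__ == "__main__":
    legit = idp_response("alice")
    print("legit   :", sp_vulnerable(legit), sp_hardened(legit))
    print("tampered:", sp_vulnerable(tamper(legit)), sp_hardened(tamper(legit)))
    print("xsw     :", sp_vulnerable(xsw_wrap(legit)), sp_hardened(xsw_wrap(legit)))
```

Plain tampering fails on both service providers because the MAC no longer matches; the wrapped document passes the vulnerable one as "admin" because the signed element is still intact, just not the one being read. This is the case SAML Raider's XSW previews are for, and the same reasoning applies when the IdP signs the message instead of, or in addition to, the assertion.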
LOGGER++
• Soroush Dalili & Corey Arthur
• Log all you want
• Free
• Also logs Sequencer, Spider, Intruder and so on
• Save and export as CSV
• Grepping
• Versatile filters (method, query, request, response, ...)
DEMO
ACTIVE SCAN ++
• James Kettle
• Requires Burp Suite Pro (it extends the active scanner)
• Advanced testing on top of the existing active scan
• Esoteric issues
Deployment pre-requisites
• Jython 2.5 or later
• jython-standalone-2.5.jar
• activeScan++.py
WHAT DO WE GET
• Struts2 RCE - CVE-2017-5638 / S2-045
• Host header injection (password reset poisoning, cache poisoning, DNS rebinding)
• CVE-2014-6271/CVE-2014-6278 'shellshock', CVE-2015-2080, CVE-2017-5638, CVE-2017-12629
• Edge Side Includes
• XML input handling
• Blind code injection via expression language, Ruby's open() and Perl's open()
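The Host header injection check listed above, as an added example that is not ActiveScan++'s code: a scanner-style probe that resends a request with a canary hostname in `Host` and in `X-Forwarded-Host` and reports any response that reflects it, run against a password-reset handler that builds its own URL from those headers and against a hardened one that rejects unknown hosts. The handlers, request/response dicts, `app.example` and the canary hostname are constructed for this example.

```python
"""Added example (not ActiveScan++'s code): Host header injection probe
against a vulnerable and a hardened password-reset handler."""

CANONICAL_HOST = "app.example"              # assumed configured site host
ALLOWED_HOSTS = {CANONICAL_HOST}
CANARY = "canary-host.example"              # assumed scanner-controlled name


def make_request(headers, path="/forgot"):
    return {"method": "POST", "path": path, "headers": dict(headers),
            "body": "email=victim@example.com"}


def base_url_from_headers(req):
    """The pattern that causes the bug: derive the site's own URL from
    attacker-influenced headers. X-Forwarded-Host is trusted first, as many
    frameworks do once told they sit behind a proxy."""
    h = req["headers"]
    return "https://" + (h.get("X-Forwarded-Host") or h.get("Host", ""))


def vulnerable_app(req):
    url = base_url_from_headers(req)
    # The same base URL is what ends up in the password-reset e-mail; the
    # canonical link and form action make the reflection visible in the
    # response, and a cache keyed only on the path would then serve the
    # poisoned page to every other visitor.
    body = (f'<link rel="canonical" href="{url}{req["path"]}">'
            f'<form action="{url}/reset" method="post">')
    return {"status": 200,
            "headers": {"Link": f"<{url}{req['path']}>; rel=canonical"},
            "body": body}


def hardened_app(req):
    host = req["headers"].get("Host", "")
    if host not in ALLOWED_HOSTS:            # reject, never reflect
        return {"status": 421, "headers": {}, "body": "Misdirected Request"}
    url = "https://" + host                  # X-Forwarded-Host is ignored
    body = (f'<link rel="canonical" href="{url}{req["path"]}">'
            f'<form action="{url}/reset" method="post">')
    return {"status": 200, "headers": {}, "body": body}


def host_header_check(app, canary=CANARY):
    """Scanner-style probe: send the request with each header variant and
    report the variants whose response reflects the canary (absolute links,
    Location or Link headers built from it)."""
    probes = {
        "Host": {"Host": canary},
        "X-Forwarded-Host": {"Host": CANONICAL_HOST, "X-Forwarded-Host": canary},
    }
    findings = []
    for name, headers in probes.items():
        resp = app(make_request(headers))
        haystack = resp["body"] + " ".join(
            f"{k}: {v}" for k, v in resp["headers"].items())
        if canary in haystack:
            findings.append(name)
    return findings


if __name__ == "__main__":
    print("vulnerable:", host_header_check(vulnerable_app))
    print("hardened  :", host_header_check(hardened_app))
```

A reflection alone is the lead, not the proof: confirm reset poisoning by triggering a real reset with the poisoned host and watching where the link points, and confirm cache poisoning by fetching the page again without the header.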
DEMO
WSDLER
• Eric Gruber
• Parse WSDL
• Operations, bindings and endpoints
• Data types defined
• Run the generated requests through other Burp tools
• SOAP 1.1 support only
DEMO
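What "parse WSDL, list operations, bindings and endpoints, read the data types" amounts to, as an added example that is not WSDLer's code: a small parser over a constructed SOAP 1.1 WSDL that produces one record per operation and turns it into the raw HTTP request you would hand to Repeater or Intruder. The `AccountsService` WSDL, its namespace and endpoint are constructed for this example; like WSDLer, only SOAP 1.1 bindings (`soap:binding` / `soap:address`) are handled.

```python
"""Added example (not WSDLer's code): SOAP 1.1 WSDL -> operations -> raw request."""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample WSDL for this example.
WSDL = """<definitions xmlns="http://schemas.xmlsoap.org/wsdl/"
  xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
  xmlns:xsd="http://www.w3.org/2001/XMLSchema"
  xmlns:tns="urn:example:accounts" targetNamespace="urn:example:accounts">
  <types><xsd:schema targetNamespace="urn:example:accounts">
    <xsd:element name="GetBalance"><xsd:complexType><xsd:sequence>
      <xsd:element name="accountId" type="xsd:string"/>
    </xsd:sequence></xsd:complexType></xsd:element>
    <xsd:element name="Transfer"><xsd:complexType><xsd:sequence>
      <xsd:element name="from" type="xsd:string"/>
      <xsd:element name="to" type="xsd:string"/>
      <xsd:element name="amount" type="xsd:decimal"/>
    </xsd:sequence></xsd:complexType></xsd:element>
  </xsd:schema></types>
  <message name="GetBalanceIn"><part name="parameters" element="tns:GetBalance"/></message>
  <message name="TransferIn"><part name="parameters" element="tns:Transfer"/></message>
  <portType name="AccountsPortType">
    <operation name="GetBalance"><input message="tns:GetBalanceIn"/></operation>
    <operation name="Transfer"><input message="tns:TransferIn"/></operation>
  </portType>
  <binding name="AccountsSoap" type="tns:AccountsPortType">
    <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
    <operation name="GetBalance"><soap:operation soapAction="urn:example:accounts#GetBalance"/></operation>
    <operation name="Transfer"><soap:operation soapAction="urn:example:accounts#Transfer"/></operation>
  </binding>
  <service name="AccountsService"><port name="AccountsPort" binding="tns:AccountsSoap">
    <soap:address location="https://accounts.example/ws"/>
  </port></service>
</definitions>"""

NS = {"wsdl": "http://schemas.xmlsoap.org/wsdl/",
      "soap": "http://schemas.xmlsoap.org/wsdl/soap/",
      "xsd": "http://www.w3.org/2001/XMLSchema"}


def local(qname):
    """'tns:Transfer' -> 'Transfer'."""
    return qname.split(":")[-1]


def parse_wsdl(text):
    """One record per SOAP 1.1 operation: endpoint, SOAPAction, body element
    and that element's fields as (name, xsd type)."""
    root = ET.fromstring(text)
    tns = root.get("targetNamespace")
    types = {el.get("name"): [(f.get("name"), f.get("type"))
                              for f in el.findall(".//xsd:element", NS)]
             for el in root.findall("wsdl:types/xsd:schema/xsd:element", NS)}
    messages = {m.get("name"): local(m.find("wsdl:part", NS).get("element"))
                for m in root.findall("wsdl:message", NS)}
    endpoints = {}
    for port in root.findall("wsdl:service/wsdl:port", NS):
        addr = port.find("soap:address", NS)      # SOAP 1.1 address only
        if addr is not None:
            endpoints[local(port.get("binding"))] = addr.get("location")
    ops = []
    for binding in root.findall("wsdl:binding", NS):
        if binding.find("soap:binding", NS) is None:
            continue                              # SOAP 1.2 / HTTP bindings skipped
        pt = root.find(f"wsdl:portType[@name='{local(binding.get('type'))}']", NS)
        for bop in binding.findall("wsdl:operation", NS):
            name = bop.get("name")
            pop = pt.find(f"wsdl:operation[@name='{name}']", NS)
            element = messages[local(pop.find("wsdl:input", NS).get("message"))]
            ops.append({"operation": name, "binding": binding.get("name"),
                        "endpoint": endpoints.get(binding.get("name")),
                        "soapAction": bop.find("soap:operation", NS).get("soapAction", ""),
                        "namespace": tns, "element": element,
                        "fields": types.get(element, [])})
    return ops


SAMPLE_VALUES = {"string": "test", "decimal": "1.00", "int": "1", "boolean": "true"}


def soap11_request(op, values=None):
    """Raw HTTP request for one operation, ready for Repeater or Intruder."""
    values = values or {}
    fields = "".join(f"<{n}>{values.get(n, SAMPLE_VALUES.get(local(t), 'x'))}</{n}>"
                     for n, t in op["fields"])
    envelope = ('<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">'
                f'<soapenv:Body><{op["element"]} xmlns="{op["namespace"]}">{fields}'
                f'</{op["element"]}></soapenv:Body></soapenv:Envelope>')
    u = urlparse(op["endpoint"])
    head = [f"POST {u.path or '/'} HTTP/1.1", f"Host: {u.netloc}",
            "Content-Type: text/xml; charset=utf-8",
            f'SOAPAction: "{op["soapAction"]}"',
            f"Content-Length: {len(envelope.encode())}"]
    return "\r\n".join(head) + "\r\n\r\n" + envelope


if __name__ == "__main__":
    for op in parse_wsdl(WSDL):
        print(op["operation"], op["endpoint"], op["fields"])
    print(soap11_request(parse_wsdl(WSDL)[1], {"amount": "1000"}))
```

The typed field list is what makes the Intruder step useful: a `xsd:decimal` field such as `amount` gets numeric boundary payloads, a `xsd:string` field gets injection payloads, and the `SOAPAction` header tells you which operation the backend will dispatch to regardless of the body element.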
SOFTWARE VULNERABILITY SCANNER [VULNERS]
• Vulners Scanner
• Software detection + vulnerabilities
• Methodology: HTTP response header based fingerprinting
• vulners.com search API
• CVEs, advisories, exploits!
• Caution: false positives
OVERVIEW
RESULTS
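The header-based fingerprinting and the false-positive caution above, as an added example that is not the Vulners extension's code: regexes over `Server` and `X-Powered-By` extract product and version, a local table stands in for what a vulners.com search API query returns, and a version-range comparison produces findings. The fingerprint rules, the advisory table and the `EXAMPLE-ADV-*` identifiers are constructed placeholders, not Vulners' ruleset or real CVEs. The distro-tag flag is the practical caveat: Debian, Ubuntu and Red Hat backport fixes without bumping the banner version, so a version-only match is a lead that needs confirmation.

```python
"""Added example (not the Vulners extension's code): header fingerprinting,
version-range lookup, and the backport false-positive flag."""
import re

# (header, regex with version group, product) -- constructed rules
FINGERPRINTS = [
    ("Server", re.compile(r"Apache/(\d+(?:\.\d+)+)"), "apache"),
    ("Server", re.compile(r"nginx/(\d+(?:\.\d+)+)"), "nginx"),
    ("X-Powered-By", re.compile(r"PHP/(\d+(?:\.\d+)+)"), "php"),
]
# product -> [(first fixed version, advisory id)] -- constructed stand-in for
# a vulners.com search API response; the ids are placeholders, not real CVEs.
ADVISORIES = {
    "apache": [("2.4.30", "EXAMPLE-ADV-001")],
    "php": [("7.0.34", "EXAMPLE-ADV-002")],
    "nginx": [("1.10.0", "EXAMPLE-ADV-003")],
}
DISTRO_TAGS = ("(Debian)", "(Ubuntu)", "(Red Hat", "(CentOS)")


def vertuple(v):
    """'2.4.25' -> (2, 4, 25) so versions compare numerically, not as text."""
    return tuple(int(x) for x in v.split("."))


def fingerprint(headers):
    """Return [(product, version, raw header value)] from response headers."""
    found = []
    for header, rx, product in FINGERPRINTS:
        value = headers.get(header, "")
        m = rx.search(value)
        if m:
            found.append((product, m.group(1), value))
    return found


def lookup(headers):
    """Match fingerprints against the advisory table; flag backport risk."""
    findings = []
    for product, version, raw in fingerprint(headers):
        for fixed_in, adv in ADVISORIES.get(product, []):
            if vertuple(version) < vertuple(fixed_in):
                findings.append({
                    "product": product, "version": version, "advisory": adv,
                    # Distros backport fixes without changing the banner, so a
                    # version-only match on a distro build is only a lead.
                    "needs_manual_confirmation": any(t in raw for t in DISTRO_TAGS),
                })
    return findings


if __name__ == "__main__":
    # Constructed response headers for the example.
    sample = {"Server": "Apache/2.4.25 (Debian)", "X-Powered-By": "PHP/7.0.33"}
    for finding in lookup(sample):
        print(finding)
```

Treat `needs_manual_confirmation` findings as reconnaissance: confirm with the distribution's changelog for that package version, or with a behavioural check for the specific issue, before reporting.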
BACKSLASH POWERED SCANNER
• Research-grade vulnerabilities
• High-hanging fruit
• Injection vulnerabilities
• Input filtering
• Red teaming
• Avoiding WAF
• JSON injection to RCE
• Server-side HTTP parameter pollution
• Escape sequence injection
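The idea behind the escape-sequence and JSON-injection items above, as an added example that is not Backslash Powered Scanner's code: differential probing. Rather than looking for a known error string, send a probe and its escaped twin (`\` against `\\`, `"` against `\"`), repeat each, and report the pair only when the two sides behave consistently differently while a harmless control pair does not. The two backends and the probe set are constructed for this example; the scanner's own probe set and response-attribute comparison are broader than what is shown here.

```python
"""Added example (not Backslash Powered Scanner's code): pairwise differential
probing for escape-sequence handling, shown for the JSON-injection case."""
import json


def backend_json_interpolating(value):
    """Constructed backend that drops the parameter into a JSON string and
    parses it: the escape-aware, injectable pattern."""
    try:
        decoded = json.loads('{"q": "' + value + '"}')["q"]
    except json.JSONDecodeError:
        return 500, "internal error: malformed request"
    return 200, f"<p>results for {decoded}</p>"


def backend_literal(value):
    """Constructed backend that treats the input as opaque text."""
    return 200, f"<p>results for {value}</p>"


def signature(status, body):
    """Stable response attributes. The echoed input changes the raw length,
    so compare status and word count instead."""
    return status, len(body.split())


# (probe, its escaped twin). If the backend interprets escapes, one side
# breaks the surrounding syntax and the other does not, so they diverge.
PROBE_PAIRS = [("\\", "\\\\"), ('"', '\\"')]
CONTROL_PAIR = ("zx", "zy")      # two harmless values; must NOT diverge


def diverges(backend, a, b, repeats=3):
    """Send each side several times; only a consistent difference counts."""
    sa = {signature(*backend(a)) for _ in range(repeats)}
    sb = {signature(*backend(b)) for _ in range(repeats)}
    return len(sa) == 1 and len(sb) == 1 and sa != sb


def detect_escape_handling(backend):
    """Return the probe pairs whose behaviour differs while the control pair
    does not; an empty list means no input transformation was observed."""
    if diverges(backend, *CONTROL_PAIR):
        return []                      # unstable endpoint, probes meaningless
    return [(a, b) for a, b in PROBE_PAIRS if diverges(backend, a, b)]


if __name__ == "__main__":
    print("json-interpolating:", detect_escape_handling(backend_json_interpolating))
    print("literal           :", detect_escape_handling(backend_literal))
```

A reported pair is a lead, not a finding: the next step is to work out which syntax the input lands in (here JSON, hence `\u` escapes and a closing `"` are the follow-up probes) and whether reaching it buys anything, which is the manual, research-grade part the slide is pointing at.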
OTHER EXTENSIONS
• Heartbleed
• PHP Object Injection Check
• J2EEScan
• AWS Security Checks
• Java Deserialization Scanner
• Random IP Address Header
• Decoder Improved
• CMS Scanner
• Blazer
REFERENCES
• https://portswigger.net/bappstore
• https://github.com/nccgroup/BurpSuiteLoggerPlusPlus
• https://github.com/portswigger/active-scan-plus-plus
• https://www.youtube.com/watch?v=dxo6-niEtyE
• https://github.com/vulnersCom/burp-vulners-scanner
• https://github.com/portswigger/logger-plus-plus
• https://github.com/portswigger/saml-raider
• https://portswigger.net/bappstore/9cff8c55432a45808432e26dbb2b41d8
• https://www.youtube.com/watch?v=EPmjl7q1-n4&list=PLuUtcRxSUZUpv2An-RNhjuZSJ5fjY7ghe&index=3
