Eighth article of the series "Extending Burp Suite for fun and profit - The Montoya way" is out!
Topic: BChecks - A quick way to extend Burp Suite Active and Passive Scanner!
https://security.humanativaspa.it/extending-burp-suite-for-fun-and-profit-the-montoya-way-part-8/
Seventh article of the series "Extending Burp Suite for fun and profit - The Montoya way" is out!
Topic: using the Collaborator in Burp Suite plugins!
https://security.humanativaspa.it/extending-burp-suite-for-fun-and-profit-the-montoya-way-part-7/
Sixth article of the series "Extending Burp Suite for fun and profit - The Montoya way" is out!
Topic: adding new checks to Burp Suite Active and Passive Scanner!
https://security.humanativaspa.it/extending-burp-suite-for-fun-and-profit-the-montoya-way-part-6/
Fifth article of the series "Extending Burp Suite for fun and profit - The Montoya way" is out!
Topic: adding new functionalities to the context menu!
https://security.humanativaspa.it/extending-burp-suite-for-fun-and-profit-the-montoya-way-part-5/
A quick overview and some tips on how to handle and exploit Java applets and serialized Java objects in the present day using Burp Suite.
https://security.humanativaspa.it/java-applet-serialization-in-2024-what-could-go-wrong/
Fourth article of the series "Extending Burp Suite for fun and profit - The Montoya way" is out!
Topic: creating new tabs for processing HTTP requests and responses!
https://security.humanativaspa.it/extending-burp-suite-for-fun-and-profit-the-montoya-way-part-4/
Stay tuned for the next part on topic: creating new tabs for processing HTTP requests and responses
Third article of the series "Extending Burp Suite for fun and profit - The Montoya way" is out!
Topic: inspecting and tampering WebSocket messages!
https://security.humanativaspa.it/extending-burp-suite-for-fun-and-profit-the-montoya-way-part-3/
Stay tuned for next article on topic "inspecting and tampering WebSocket messages".
The first two articles of the series "Extending Burp Suite for fun and profit - The Montoya way" are out!
The topics of these first two parts are:
- Setting the environment + Hello World
- Inspecting and tampering HTTP requests
https://security.humanativaspa.it/extending-burp-suite-for-fun-and-profit-the-montoya-way-part-1/
https://security.humanativaspa.it/extending-burp-suite-for-fun-and-profit-the-montoya-way-part-2/
@unashamedgeek @raptor @hnsec Thanks Paul!
Thank you @gellge !
Next week, I will publish the first two articles in a series on a topic I've been wanting to create material for a long time: creating extensions for Burp Suite. The articles will be structured like lessons in a course and will teach how to use the new Montoya API!
Each article will include a step-by-step explanation, the backend code for a scenario (usually in Flask), and of course, example extension code. At the moment, I don't know the exact number of articles in the series, but I can tell you that first 5 articles are ready!
First articles:
1. Setting the environment + Hello World
2. Inspecting and tampering HTTP requests
3. Inspecting and tampering WebSocket messages
4. Adding HTTP request/response editor tabs
5. Adding actions to the context menu
6. Adding custom checks to the Scanner
Stay tuned!
A lot to learn in this series on IoT devices reverse engineering by @apps3c
Part 1: https://security.humanativaspa.it/a-journey-into-iot-unknown-chinese-alarm-part-1-discover-components-and-ports/
Part 2: https://security.humanativaspa.it/a-journey-into-iot-unknown-chinese-alarm-part-2-firmware-dump-and-analysis/
Part 3: https://security.humanativaspa.it/a-journey-into-iot-unknown-chinese-alarm-part-3-radio-communications/
Part 4: https://security.humanativaspa.it/a-journey-into-iot-unknown-chinese-alarm-part-4-internal-communications/
#iot #xiot #embedded #Linux #reverseengineering #infotech #cybersecurity #infosec
Part 4 of the "A journey into IoT" series is out! Topic: internal communications. I tried to write these articles with many details, in order to make them as clear as possible also to security researchers approaching hardware for the first times
https://security.humanativaspa.it/a-journey-into-iot-unknown-chinese-alarm-part-4-internal-communications/
A fork of protobuf-decoder plugin for Burp Suite with many bug fixes and improvements, useful to test complex applications that make use of Protobuf data format:
https://security.humanativaspa.it/burp-suite-and-protobuf/
