Burp Suite Extension Development Series

July 30, 2018 Prakhar Prasad 2 minutes

    This is an introductory post for a series of blog posts which will focus on the development of Burp Suite extensions.

    Parts of Series

    1. Introduction to Burp Extender
    2. Setting Up Extension Development Tools
    3. Extension Project Structure and Fundamentals
    4. Diving deeper into Extender API Interfaces
    5. Exploration - Intruder Payload Processing


    I’ll try to answer some of the primitive questions associated with the series:

    Q1. Why are you creating this series ?

    The reason behind this is knowledge sharing; when I first started to author extensions for the venerable Burp Suite it was a pain to figure out high-quality or even straight-forward sequential resources online. My intention here is to at least empower those who are genuinely interested in this, to easily understand the basics of writing suite extension.

    Q2. Who this is targeted at ?

    Anyone and everyone who is interested in learning authoring extensions - Researchers, Professionals, Bug Bounty Hunters and etc. The basic requirement is the reader should be familiar with at least one object oriented high-level programming language.

    Q3. Which software and tools are needed to follow this series ?The following tools will be required to setup the environment:

    Q4. Why are you using Java instead of Jython (or JRuby) ?

    There is no specific reason for that but when I was learning it made more sense to me to choose Java over the other alternatives because of community support for Java and related tools compared to Jython or JRuby. The code written in alternative options are often heavy on memory, plus the fact that the extension user needs to have Jython or JRuby environment in order to run the extensions.

    Q5. I find understanding Java Interfaces difficult; can you point some resources ?Sure, why not.

    If you find this series useful then please share it with the community. Burp Suite folks also like this series ☺️