Talk: Unleashing the Full Potential of Burp Suite with Extension Development for Enhanced Penetration Testing

Jagdish

Abstract

I will be discussing how to create custom Burp Suite extensions using Jython to test web and mobile applications that use strong encryption in HTTP requests and responses. Our main agenda will be to learn how to test an application when the request body or the value of any parameter is encrypted with AES or any other encryption, and also how to analyze the response when the response body is fully encrypted. You will learn how I created a Burp Suite extension with Jython to view the encrypted request and response data in clear text, and how we can modify that data to inject our payload at run time.

Mr. Jagdish Jogal is the Information Security Team Lead at Net Square. He has completed his BE in Computer Science & Engineering from SLTIET, Rajkot (GTU). He is skilled in web and mobile application testing, complex JS debugging, automation development for testing, etc. He likes to share his information security knowledge and his testing methodologies through blogging.