Enlarge your burp or how not to be afraid of JavaDocs
Igor Bulatenko Ivan Elkin
Sources
https://goo.gl/oYjBTg (python)
#whoami
• #videns
• Head of QIWI application security department
• Former security software developer
• CTF player and organizer (TechnoPandas)
• JBFC Member :)
What is all about
• Why people (us) use burp
• Burp 101
• Official info
• Other presentations
• Internals
• Plugins
Is it good?
• #1 among web scanners*
• Crossplatform
• Good for manual vulnerabilities testing
• Can scan whole internet
• Has plugins
• Most popular vulnerability checks
• Gartner challengers for AST
Unofficial infos
http://www.slideshare.net/jasonhaddix/bsides-final
http://www.slideshare.net/AugustDetlefsen/burp-extensions
http://www.slideshare.net/marcwickenden/burp-plugin-development-for-java-n00bs-44-con
http://www.agarri.fr/docs/HiP2k13-Burp_Pro_Tips_and_Tricks.pdf
http://www.youtube.com/watch?v=Q2WK5LpDbxw
http://www.youtube.com/watch?v=N-IKHmGjf2c
https://twitter.com/everythingburp
http://www.slideshare.net/AugustDetlefsen/appsec-usa-2015-customizing-burp-suite
Why improve it?
• Not correct use of API
• Scan fullness
• Time for implementing new techniques
How it works (spidering)
How it works (active scan)
Demo 01
• Simplest Plugin
• Show logging functionality (stdout, stderr)
• Log InsertionPoints info
• Nested InsertionPoint
• DoActiveScan
• How to debug in python (jython)
Demo 02
• DoActiveScan
• Building request for attack
• How requests are counted (scanner tab)
• Send requests via callbacks or via jython
• Highlighting in request/responses
Demo 03
• Error message check (http://virvales.blogspot.ru/2015/08/burp-stacktrace-sniffer.html)
• HttpListener
• Manual adding scan issue
You’re doing it wrong
Right way
Demo 04
• InsertionPointProvider
• Custom InsertionPoint, necessary methods
• Logging payloads
The end (part 1)