{"id":13636888,"url":"https://github.com/doyensec/burpdeveltraining","last_synced_at":"2025-04-07T10:27:38.186Z","repository":{"id":47548320,"uuid":"83062451","full_name":"doyensec/burpdeveltraining","owner":"doyensec","description":"Material for the training \"Developing Burp Suite Extensions – From Manual Testing to Security Automation\"","archived":false,"fork":false,"pushed_at":"2020-10-14T20:44:08.000Z","size":8917,"stargazers_count":350,"open_issues_count":0,"forks_count":70,"subscribers_count":29,"default_branch":"master","last_synced_at":"2025-03-31T09:06:38.273Z","etag":null,"topics":["burp-plugin","burpsuite","java","security-automation","training-materials"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/doyensec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-02-24T16:43:46.000Z","updated_at":"2025-03-18T23:41:43.000Z","dependencies_parsed_at":"2022-07-26T12:17:08.485Z","dependency_job_id":null,"html_url":"https://github.com/doyensec/burpdeveltraining","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/doyensec%2Fburpdeveltraining","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/doyensec%2Fburpdeveltraining/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/doyensec%2Fburpdeveltraining/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/doyensec%2Fburpdeveltraining/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/doyensec","download_url":"https://codeload.github.com/doyensec/burpdeveltraining/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247634677,"owners_count":20970581,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["burp-plugin","burpsuite","java","security-automation","training-materials"],"created_at":"2024-08-02T00:01:06.921Z","updated_at":"2025-04-07T10:27:38.157Z","avatar_url":"https://github.com/doyensec.png","language":"Java","funding_links":[],"categories":["Burp Extension Training Resources","Java (504)","\u003ca id=\"846faac18fb6ee281aac739c032454ea\"\u003e\u003c/a\u003e工具","Java"],"sub_categories":["Template Injection","SSRF","\u003ca id=\"285c52a4e04dd2f86646c8e1235c9332\"\u003e\u003c/a\u003e工具"],"readme":"# Developing Burp Suite Extensions\n\n[![Doyensec](https://www.doyensec.com/images/logo.svg)](https://www.doyensec.com/images/logo.svg)\n\nThis repository contains the slides and code for the training *Developing Burp Suite Extensions - From Manual Testing to Security Automation*\n\n# Content\n  - **BurpExtensionTemplate** - Empty extension templates for NetBeans, Eclipse and IDEA\n  - **HelloBurp** - Our first Burp extension\n  - **SiteLogger** - Log sitemap and findings to database (MongoDB)\n  - **ReplayAndDiff** - Replay a scan with a fresh session and diff the results\n  - **DetectSRI** - Passive scanner check to detect the use of Subresource Integrity (SRI) attribute\n  - **DetectELJ** - Active scanner check to detect Expression Language (EL) injection vulnerabilities\n  - **Bradamsa** - Simplified code of [Bradansa Intruder payloads generator](https://github.com/ikkisoft/bradamsa)\n  - **Doyensec_DevelopingBurpSuiteExtensionsTraining.pdf** - Full slides of the training (PDF, 155 pages)\n\nAll exercises are provided in *Java*, *Python* and *Ruby*. \n\nThis work is licensed under the Creative Commons **Attribution-NonCommercial-ShareAlike** 3.0 Unported (CC BY-NC-SA 3.0). You are free to **Share** and **Adapt** under the following terms: **Attribution**, **NonCommercial**, **ShareAlike**.\n\n### Overview of the class\nIn this hands-on class, attendees will learn how to design and develop Burp Suite extensions for a variety of tasks. In a few hours, we work on several plugins to improve manual security testing efforts as well as to create fully-automated security tools. This workshop is based on real-life use cases where the extension capabilities of the tool can be unleashed to improve efficiency and effectiveness of security auditing. As an attendee, you will bring home a full bag of tricks that will take your web security skills to the next level. The class is available in 1-day and 2-days versions.\n### Audience\nSuitable for both web application security specialists and developers. Attendees are expected to have rudimental understanding of Burp Suite as well as basic object-oriented programming experience. While Burp extensions are developed live in Java, attendees can work on Python or Ruby since all exercises are also provided in those languages.\n### Interested?\nMore details on what to expect from this class can be found on our [blog post](https://blog.doyensec.com/2017/03/02/training-burp.html).\nWe deliver this class during public events (e.g. security conferences) as well as private company workshops. If you're interested in a forthcoming public training or you want to know more about private classes, please contact info@doyensec.com\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdoyensec%2Fburpdeveltraining","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdoyensec%2Fburpdeveltraining","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdoyensec%2Fburpdeveltraining/lists"}