Bishop Fox named “Leader” in 2024 GigaOm Radar for Attack Surface Management. Read the Report ›

Tool Talk: Burp Suite Extensions

Learn how to power up web application security testing with tips on creating customized extensions featuring BurpCage, an extension that replaces any image proxied through Burp Suite leveraging the Montoya API.

Burp Suite is one of the most popular tools in the tool kit of web application pen testers, used by more than 55,000 users in over 150 countries. Countless extensions are just a download away empowering pen testers to hack more efficiently to elevate web application security. But there is a constant need for new and improved extensions to keep pace with the wide range of threats facing web applications today

Join the tenth episode of our Tool Talk series to hear Chris Cerne, Security Consultant III, talk about how to power up pen tests by learning to build Burp Suite extensions from scratch.

Tune in as we:

  • Explore why it is beneficial to create your own extensions and dive deep into how Chris created BurpCage, a new extension that replaces any image proxied through Burp Suite utilizing the Montoya API
  • Show how to apply Chris’s tips and techniques to create your own Burp extensions to level up your application security pen-testing engagements.

Chris Cerne BF Headshot

About the speaker, Christopher Cerne

Security Consultant III

Christopher is a Security Consultant III focused on application security and hybrid application assessments at Bishop Fox. He has over a decade of experience in computer technology and is recognized in the security community for finding numerous 0-day vulnerabilities with responsible disclosures. While obtaining a B.S. degree in Computer Science at Virginia Tech (VT), Christopher studied embedded device security, worked as a teaching assistant in the Department of Computer Science, and joined the VT Cybersecurity Club (CyberVT) where he learned the basics of vulnerability research and competed in CTFs. Christopher holds a Junior Penetration Tester Certification (eJPT).

When Christopher isn’t busy conducting hybrid application assessments for Bishop Fox clients, he enjoys being outdoors, especially hiking and biking throughout the Blacksburg, Virginia area. He is also a member of VPI Cave Club.

More by Christopher

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.