Bishop Fox named “Leader” in 2024 GigaOm Radar for Attack Surface Management. Read the Report ›

Tool Talk: Burp Suite Extensions

Learn how to power up web application security testing with tips on creating customized extensions featuring BurpCage, an extension that replaces any image proxied through Burp Suite leveraging the Montoya API.

Burp Suite is one of the most popular tools in the tool kit of web application pen testers, used by more than 55,000 users in over 150 countries. Countless extensions are just a download away empowering pen testers to hack more efficiently to elevate web application security. But there is a constant need for new and improved extensions to keep pace with the wide range of threats facing web applications today

Join the tenth episode of our Tool Talk series to hear Chris Cerne, Security Consultant III, talk about how to power up pen tests by learning to build Burp Suite extensions from scratch.

Tune in as we:

  • Explore why it is beneficial to create your own extensions and dive deep into how Chris created BurpCage, a new extension that replaces any image proxied through Burp Suite utilizing the Montoya API
  • Show how to apply Chris’s tips and techniques to create your own Burp extensions to level up your application security pen-testing engagements.
Chris Cerne BF Headshot

About the speaker, Christopher Cerne

Security Consultant III

Christopher is a Security Consultant III focused on application security and hybrid application assessments at Bishop Fox. He has over a decade of experience in computer technology and is recognized in the security community for finding numerous 0-day vulnerabilities with responsible disclosures. While obtaining a B.S. degree in Computer Science at Virginia Tech (VT), Christopher studied embedded device security, worked as a teaching assistant in the Department of Computer Science, and joined the VT Cybersecurity Club (CyberVT) where he learned the basics of vulnerability research and competed in CTFs. Christopher holds a Junior Penetration Tester Certification (eJPT).

When Christopher isn’t busy conducting hybrid application assessments for Bishop Fox clients, he enjoys being outdoors, especially hiking and biking throughout the Blacksburg, Virginia area. He is also a member of VPI Cave Club.

More by Christopher

Extend Your Knowledge

Check out these related resources.

Tool Talk Episode 9 webcast title in neon letters on dark background with Matt Keeley and Joe Sechman headshots presenting the security tool Spoofy.
Webcast

Tool Talk: Spoofy

Watch to explore Spoofy, a domain spoofing tool that checks whether a list of domains (in bulk) can be spoofed based on SPF and DMARC records.

Learn More
Bishop Fox Tool Talk Episode 8 asminject.py
Webcast

Tool Talk: asminject.py

Watch as we explore Bishop Fox’s very own asminject.py, a code injection tool that tampers with trusted Linux processes to capture sensitive data and change program behavior.

Learn More
Bishop Fox Tool Talk episode 7 CloudFox to find exploitable attack paths in cloud infrastructure presented by three security consultants
Webcast

Tool Talk: CloudFox

Watch as we explore Bishop Fox’s very own CloudFox, a command line tool that helps offensive security practitioners navigate unfamiliar cloud environments and find exploitable attack paths in cloud infrastructure. Tune in to our livestream for a demo of CloudFox!

Learn More

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.