

For those of you who work in web application security, maybe you’re familiar with Burp. As a senior pen tester at Schellman, I certainly am; I work with it a lot and it serves me well.

I think we’d all agree that Burp is a fantastic tool, but like all things, it does have its limitations.

However, a couple of years ago, I did hit a snag. At the time, I was working on a big project where the main web application was signing all the requests. While it was still easy for me to intercept the traffic using Burp, I found that I was unable to modify any of the requests. If I tried, the end server generated an authentication error, as the signature did not match the original request.

In my case, I reasoned that maybe a Burp extension could help me work around my specific problem. But what I then realized was, there was no extension out there that could help. If you’ve ever been in a similar situation, trying to write your own solution to a Burp problem that crops up, read on. You’ll find how I troubleshot for a bit before settling on a process to write my own extension and thereby solve my own problem.
