

Filed In: Security

So You Want to Build a Burp Plugin?


Written By: Monika Morrow December 05, 2013

Burp Plugins are a great way to improve your workflow or overcome testing obstacles that might force you to test a web application manually. If you don’t have a lot of experience with Java, writing your first plugin can be challenging.

My BayThreat presentation, “So You Want to Build a Burp Plugin”, attempts to address this early hurdle by presenting three unique examples showing different possible functionalities that can be used as starting points for other projects.

Links to a video of the presentation, the slides, and the source code are below.



Source Code

Monika Morrow

Monika Morrow is a Senior Security Consultant at AppSec Consulting. Monika is an expert in black-box and white-box mobile and web application penetration testing and helped develop AppSec Consulting’s mobile testing methodology. She utilizes manual techniques and automated scanning tools such as Burp Professional, AppScan Standard Edition, Qualys, and Nessus. When these tools don’t work, she is often able to write a Burp extension to deal with the unusual behavior causing the problem. Noticing a lack of available reference material for writing Burp extensions, Monika developed and delivered a talk at BayThreat 4, “So You Want to Build A Burp Plugin?”, to share this knowledge with the community. Monika also volunteers her time to local STEM events such as HacKid and local career days.

Monika received her Bachelor of Science in Computer Science from California State University, Chico. After college, Monika worked for six years as a C++ software developer at the Naval Air Warfare Center Weapons Division – China Lake for the Department of the Navy. After moving to San Jose, prior to joining AppSec Consulting, she added Java, C#, and Objective C programming to her skill set and started the development of an iOS application. Since joining AppSec Consulting, Monika has transitioned her skills to security testing, where she has spent four years black-box and white-box testing Web and Mobile applications in addition to performing security training and developing specialized testing tools.

When not researching new security technologies or actively assessing corporate security, Monika enjoys spending time with family and friends, volunteering, driving unique cars, photography, biking, yo-yoing, and gymnastics.
