14 Mar, 2014

Burp App Store

by Mike McCabe

We’re all big fans of Burp Suite, it’s the main tool, we at nVisium, use to assess web applications. We are also big fans of the Extender interface built into Burp. We’ve created and released multiple custom extensions to extend the functionality of Burp when testing. Recently, Portswigger, the makers of Burp Suite teased at the soon to be released Burp App Store.

Coming soon to a @Burp_Suite near you: #BAppStore pic.twitter.com/3Ic9RgwEkv — Burp Suite (@Burp_Suite) February 28, 2014

On March 4th, in release v1.6beta, the BApp Store dropped. The BApp Store makes finding and loading extensions into Burp easy. It has a store like interface, where Burp users can browse, review ratings, and install various Burp extensions.

Installation of extensions is very simple, just click Install. Once the installation completes, new extensions show up in the Extensions tab, just like if it were manually loaded.

Once installed, extensions will be loaded automatically. Currently, there are only thirteen extensions in the BApp Store but that will increase over time. 

As this version of Burp is a beta, you may run into issues loading extensions from the BApp Store. I found increasing the MaxPermSize as suggested does help with some errors loading extensions. I personally use the following in my .bash_profile to run Burp.

nVisium plans to submit extensions to the BApp Store and has high hopes for the future of extending Burp with this new feature. There’s also talk of a new web interface for Burp, which could make it even more powerful. With every release Burp keeps getting better and better, making the life of web app testers easier.

More information can be found here and here.