How to make Burp better
I’ve been doing web penetration testing and webapp source code audits since 2010. During black box testing the main tool of choice is, not suprisingly, Burp Suite Pro. I always do the most crucials parts of analysis manually, so Burp Repeater is the tab where I spend most of my time.
But for manual testing of a sufficiently large app, repeater quicly gets cluttered:
We deserve better, and instead of ocasional rants I’ve decided to draft a proposal on how we can improve burp with the focus on performing manual (and perhaps automated) testing in a more efficient way.
The proposal is currently a (very early) work in progress. All comments and suggestions are very much appreciated though!
Written on April 22, 2017