Static Analysis with Burp Suite

I’m so far behind the times, it’s sad. Burp Suite gained the ability to perform static analysis on JavaScript libraries back in 2014. Some sites and authors have already blogged about what their approach is for implementing this.I’d like to echo Lukas’s method, but with an easier setup. Simply navigate to the local directory containing the app and serve it using Python’s built-in HTTP server. python2 syntax: python -m SimpleHTTPServer <port> python3 syntax: python3 -m http....

April 10, 2018 · 1 min · Chris

Fix AWS SSL Certificate error in Burpsuite

This morning, while I was trying to proxy traffic to this site in Burpsuite, I ran across an SSL handshake error. Googling the issue returned this helpful article that got me started on the right path. The crux of the problem was that the JRE didn’t have the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy files installed. However, since this article was published, Portswigger began bundling the JRE with Burpsuite itself....

January 11, 2017 · 2 min · Chris

Configure an Upstream Proxy for Burpsuite

I had the need to proxy traffic from Burpsuite to another proxy during web app testing this week. There are a few ways to do this, but this method was the easiest since I already had Burpsuite’s TLS certificate installed. For more information on this, see the Burpsuite help. To configure an upstream proxy for Burpsuite, such as OWASP ZAP, follow these steps: First, configure your upstream proxy that will sit between Burpsuite and the web application to listen on a different port since they both bind TCP 8080 by default....

November 5, 2015 · 1 min · Chris