Burp is a Java-based application that can be downloaded from the PortSwigger website. There is a limited-use free version, along with paid versions. For this write-up, I’ll be using the free version. You can also use Kali Linux, as Burp is already installed there. In Kali, you can launch Burp by selecting the icon in the dock.

Starting Burp Suite

You may receive a warning about the installed version of Java – this is OK to ignore. You may also be informed of an update for Burp; this is also safe to ignore for now, but it’s usually best to…
Category: AppSec
Finding Usernames with Burp Extensions
What Does this Extension Do?

This is a relatively simple Burp extension that I created a while back to learn more about how to actually create extensions. The functionality is straightforward: it parses the HTML looking for email addresses. Additionally, it can generate usernames from the list of emails found. The ideal use case is when a website (or organization) uses the first.last@organization.com format, as some combination of the first and last name will also serve as the username. For example, jane.doe@example.com may have the following usernames: jane.doe, jdoe, doej, doe. You can find a demonstration of this extension in…