How I Built a Burp Extension Efficiently with Claude
2026-6-11 18:41:18 Author: infosecwriteups.com (view original) Reads: 9

Raymond Van Wart


The hardest part of building a Burp extension used to be the code — now it’s just coming up with the idea.

I recently used Claude to create a Burp extension that highlights non-standard HTTP headers to help security researchers identify potential vectors for injection.


A few prompts to Claude produced the idea for the extension. I learned that standard HTTP header names are catalogued in the IANA HTTP Field Name Registry, so the registry can serve as an allowlist: any header whose name is not in it is flagged as non-standard.


Brainstorming an idea

A few simple prompts allowed Claude to build a prototype from scratch.


Claude suggested using the Montoya API, PortSwigger's newer extension API that replaces the legacy Extender (IBurpExtender) API.


Creating a prototype


Highlighted requests

Ironically, the final 20% of fine-tuning took the longest. I suggested small features one at a time and had them implemented gradually until the project was finished.


Adding a configuration tab


Configuration Tab


Including support for adding and removing wordlists


Updated repository


Including regex patterns in filter


Updated configuration
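To make the filtering described above concrete, here is a minimal Montoya API extension that combines the three ideas from the post: an IANA allowlist, a user wordlist-style set of known names, and regex patterns that flag interesting headers even when their names are registered. This is an added example written for this page, not code from the header-hunter repository. The registry excerpt and the regex patterns are constructed for illustration; a real extension would load the full IANA registry and the user's wordlists from files.

```java
package example;

import burp.api.montoya.BurpExtension;
import burp.api.montoya.MontoyaApi;
import burp.api.montoya.core.Annotations;
import burp.api.montoya.core.HighlightColor;
import burp.api.montoya.core.ToolType;
import burp.api.montoya.http.handler.HttpHandler;
import burp.api.montoya.http.handler.HttpRequestToBeSent;
import burp.api.montoya.http.handler.HttpResponseReceived;
import burp.api.montoya.http.handler.RequestToBeSentAction;
import burp.api.montoya.http.handler.ResponseReceivedAction;
import burp.api.montoya.http.message.HttpHeader;

import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import java.util.regex.Pattern;

public class HeaderHunterExample implements BurpExtension {

    // Constructed excerpt of the IANA HTTP Field Name Registry (lower-cased).
    // In practice this set is the full registry plus any user-supplied wordlists.
    private static final Set<String> KNOWN_HEADERS = Set.of(
        "accept", "accept-encoding", "accept-language", "authorization",
        "cache-control", "connection", "content-length", "content-type",
        "cookie", "host", "origin", "referer", "user-agent");

    // Constructed regex patterns: a match flags the header even if its name
    // is in the allowlist, so "debug"-style headers are never silently accepted.
    private static final List<Pattern> INTERESTING = List.of(
        Pattern.compile("^x-(debug|internal|trace|env)(-.*)?$"),
        Pattern.compile("^x-[a-z0-9-]*-(id|token|key)$"));

    @Override
    public void initialize(MontoyaApi api) {
        api.extension().setName("Header Hunter (example)");

        api.http().registerHttpHandler(new HttpHandler() {
            @Override
            public RequestToBeSentAction handleHttpRequestToBeSent(HttpRequestToBeSent request) {
                // Only annotate traffic that came through the Proxy tool.
                if (!request.toolSource().isFromTool(ToolType.PROXY)) {
                    return RequestToBeSentAction.continueWith(request);
                }
                List<String> hits = nonStandardHeaders(request.headers());
                if (hits.isEmpty()) {
                    return RequestToBeSentAction.continueWith(request);
                }
                // Highlight the proxy history row and record which headers fired.
                Annotations notes = request.annotations()
                    .withHighlightColor(HighlightColor.YELLOW)
                    .withNotes("Non-standard headers: " + String.join(", ", hits));
                api.logging().logToOutput(request.url() + " -> " + hits);
                return RequestToBeSentAction.continueWith(request, notes);
            }

            @Override
            public ResponseReceivedAction handleHttpResponseReceived(HttpResponseReceived response) {
                return ResponseReceivedAction.continueWith(response);
            }
        });
    }

    /** Returns the names of headers that are not in the allowlist or match a pattern. */
    static List<String> nonStandardHeaders(List<HttpHeader> headers) {
        List<String> hits = new ArrayList<>();
        for (HttpHeader h : headers) {
            String name = h.name().toLowerCase(Locale.ROOT);
            boolean known = KNOWN_HEADERS.contains(name);
            boolean matchesPattern = INTERESTING.stream()
                .anyMatch(p -> p.matcher(name).matches());
            if (!known || matchesPattern) {
                hits.add(h.name());
            }
        }
        return hits;
    }
}
```

Build it as a JAR against the `net.portswigger.burp.extensions:montoya-api` dependency and load it from the Extensions tab. One caveat worth keeping in mind: an allowlist only tells you a name is registered, not that it is being used normally, which is exactly why the post ends up adding editable wordlists and regex patterns on top of the IANA set.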

Building this extension with Claude was fast and fun. It felt like I was having a conversation most of the time.

A word of caution, though: near the end I did encounter a few bugs that Claude couldn't resolve. It is important that you know how to code well and are capable of manual analysis, or else you will hit a brick wall when things become too complex.

Raymond-JV/header-hunter: Burp Suite extension that automatically flags non-standard HTTP headers in proxy traffic, helping you spot custom application headers that may reveal internal infrastructure, debug endpoints, or attack surface.


Source: https://infosecwriteups.com/how-i-built-a-burp-extension-efficiently-with-claude-85d43817b8f3?source=rss----7b722bfd1b8d--bug_bounty