Burp Extension README
During Web Pentest engagements, we often face certain "challenges" like multi-step processes which can be automated to make things more bearable. This is where scripting comes into play. The de-facto tool for scripting is Python. However, in some cases the automation script has too many moving parts such that it feels more like a work around than an actual solution or there might be restrictions in using Python such that we are only left with our favourite tool Burpsuite.
Burpsuite offers their Montoya API to help Pentesters like us to spice up our testing and to fully harness the power of Burpsuite being able to write our own extension will definitely offer a QOL boost to engagements!
However the resources to even start or learn writing the extension is sparse. Even with experience in writing code with Java and learning Java in school, I still had issues with environment set-up, issues trying to understand how to use the APIs, issues with building the GUI etc.
The fact that Montoya API was released in 2022 did not help as this makes some resources although still relevant yet irrelevant. The Burp Extension series will detail my journey in building my first Java based Burp Extension using the Montoya API. The links below will be links to each step of my Journey in eventually writing a full-fletched Burp Extension.