Emma Stocks |
03 July 2023 at 14:54 UTC
Want to create customized scans without the hassle of learning advanced programming? Burp Suite’s got you covered. Scripted scan checks – or BChecks – are now a full reality with the 2023.6 release of Burp Suite Professional.
To find out all the use cases for BChecks, and a detailed overview of how to create and write them, have a read of our most recent blog post.
To really make the most of this new functionality, we’re running a competition. By taking part, you’ll get to see your BCheck being reviewed (and voted for) by the inimitable community of Burp Suite users, the PortSwigger Research team, and the team who developed and created the BChecks functionality.
The competition opens on Monday 3 July. Here’s how it’ll work …
- Read through the documentation to get the basics of the language, and learn how to create your own BCheck.
- Define and create your BCheck.
- Submit your pull request to the BChecks GitHub repo by Sunday 16 July.
- Vote for your favourite submissions.
On Monday 17 July, we’ll review all of the pull requests and the ten submitted BChecks with the most upvotes will be shortlisted for voting. The creators of the ten shortlisted BChecks will win some exclusive Burp Suite swag, and the final winner from the shortlist will win an exclusive interview with a member of the Burp Suite development team. Make sure to vote for your favourites by giving a thumbs up to the BChecks you think deserve to win.
Before you get started, make sure to have a look at the BChecks GitHub repo where you’ll find a number of examples, covering various vulnerability classes, that’ll help you understand how to work with the various aspects of the BChecks language. The examples included cover:
- Blind SSRF via out-of-band detection.
- Exposed git directory.
- Leaked AWS tokens.
- Log4Shell via out-of-band detection.
- Server-side prototype pollution.
- Suspicious input transformation.
We’ll share more details about the next phase of the competition at a later date but in the meantime, we can’t wait to start checking out your BChecks …