YesWeBurp 2.0 : A new version of our Burp Suite extension is available
May 10, 2021
⚙ YesWeBurp 2.0
Two years ago, we released the first version of our Burp Suite extension, called “YesWeBurp”. As you probably know (or not), this extension, developed in Python, is designed for use with our platform and fetches all programs (public & private), rules, scope, user-agent and more. This extension was nice, but because we’ve launched a new series called “HowTo” on how to write a Burp Suite extension in Kotlin, we’ve also decided to completely redevelop YesWeBurp.
The previous version of YesWeBurp was developed in Python. It’s a great language, but not really optimized for writing a perfect Burp add-on. Using Kotlin is like using a “native” language to work with Burp Suite, and it allows us to interact with and use the full power of the tool.
TL;DR: This new version of our extension is harder, better, faster than the previous one (really!).
How to use it?
On the Options tab you can set your credentials. If OTP is activated on your account (and it is strongly recommended), you can enter your OTP, and click on Fetch programs. Once you are logged in, the programs remain visible until Burp is closed.
You can also check the box “Remember password”.
If everything is okay, you should see a new tab called “Programs”, which contains the full list of public and also private programs (in orange) you have access to.
When you click on a program, all the information is displayed in different tabs:
- Qualifying vulnerabilities
- Account access
In the top right-hand corner there is a “Configure Burp” button. If you click on it, a new window with the scope information will open:
- User-Agent rules
Each line can be modified (in case the regex is not properly defined) before being added to the scope. Once you have selected the scopes, you can add them to Burp by clicking the “Add to scope” button. If a program asks you to define a specific User-Agent, you can also modify and add it by clicking the “Add match/replace rule” button.