Federico Dotta

🚀 Want to build your own Burp Suite extensions? As part of Burp Extensibility Month, we’re sharing Burp Ambassador Federico Dotta's (@apps3c) 10-part guide to extending Burp Suite with the Montoya API. Start here 👇 hnsecurity.it/blog/extending… #BurpSuite #BurpExtensibility

I’ll be hosting a live session during @Burp_Suite Extensibility Month on the @PortSwigger Discord on May 14 at 4 PM BST / 5 PM CEST. Topic: “Restoring Testability: Handling Complex Scenarios in Burp Suite with a Custom Extension”. Join us live! discord.gg/portswigger?ev…

To celebrate the @Burp_Suite Extensibility Month, the tenth article of the series "Extending Burp Suite for fun and profit - The Montoya way" is out! The topics of this tenth part is "Burp AI"! Stay tuned for a new extension on the topic on @BApp_Store! hnsecurity.it/blog/extending…

Highlights include: ✨ Our new Burp Ambassadors, @apps3c and @0xTib3rius, present sessions covering creating custom extensions for complex testing scenarios and a Bambda generation framework. 🔬 A deep dive with PortSwigger researcher @zakfedotkin on vibecoding Burp extensions.

🚀 Extensibility Month is launching on the PortSwigger Discord! Join us for a month of events, resources, and community discussion all about creating, sharing, and getting more from Extensibility in Burp Suite. #BurpSuite #BurpExtensibility

Meet the Burp Ambassadors: @apps3c 🇮🇹 Federico Dotta is an offensive security researcher with a deep focus on Burp Suite extensibility. #BurpAmbassador #BurpSuite #BurpExtensibility #BApps

The ninth article of the series "Extending Burp Suite for fun and profit - The Montoya way" is out! The topics of this ninth part is "Custom scan checks - An improved quick way to extend Burp Suite Active and Passive Scanner"! hnsecurity.it/blog/extending…

🔄 Brida, Burp to Frida Bridge A bridge between Burp Suite and Frida to help test Android applications. 👇 portswigger.net/bappstore/2c0d…

I released an updated version of Brida (0.6), fully compatible with @fridadotre >= 17! You can download the new release from GitHub and soon from the @Burp_Suite BAppStore. hnsecurity.it/blog/brida-0-6…

A few notes and examples on a topic I've been exploring recently: AI red teaming on LLM-based applications! security.humanativaspa.it/attacking-gena…

The unattainable unicorn in fault injection! Our latest article reveals that single-bit faults are possible on ESP32. Discover how some bits are easier to flip and why lowest voltage isn't always best. Join @0x696e6f6465 in his #hardwarehacking quest. security.humanativaspa.it/fault-injectio…

Eighth article of the series "Extending @Burp_Suite for fun and profit - The Montoya way" is out! Topic: BChecks - A quick way to extend Burp Suite Active and Passive Scanner! security.humanativaspa.it/extending-burp…

Seventh article of the series "Extending @Burp_Suite for fun and profit - The Montoya way" is out! Topic: using the Collaborator in Burp Suite plugins! security.humanativaspa.it/extending-burp…

Great article on fault injection by my colleague @0x696e6f6465. Definitively worth a read! security.humanativaspa.it/fault-injectio…

Display responses that came from a server-side cache (Varnish/Cloudfront) with this filter bambda: return requestResponse.response().headerValue("X-Cache").toLowerCase().contains("hit");

Sixth article of the series "Extending @Burp_Suite for fun and profit - The Montoya way" is out! Topic: adding new checks to Burp Suite Active and Passive Scanner! security.humanativaspa.it/extending-burp…

@InsiderPhD 4. Brida, Burp to Frida bridge Bridges Burp and Frida, enabling traffic manipulation across multiple platforms. Simplifies mobile testing with direct function usage for data encryption/decryption, offering custom plugins, tabs, menu options and more. portswigger.net/bappstore/2c0d…

Fifth article of the series "Extending @Burp_Suite for fun and profit - The Montoya way" is out! Topic: adding new functionalities to the context menu! security.humanativaspa.it/extending-burp…

A quick overview and some tips on how to handle and exploit Java applets and serialized Java objects in the present day using @Burp_Suite. security.humanativaspa.it/java-applet-se…

Fourth article of the series "Extending @Burp_Suite for fun and profit - The Montoya way" is out! Topic: creating new tabs for processing HTTP requests and responses! security.humanativaspa.it/extending-burp…