Summary
Now we are in a position to work with Burp Extensions. Extensions are meant to enhance and extend the functionality or at times complement its event. Nowadays, Burp has the Burp App Store, and extensions can be installed and loaded in a structured manner. Extension authors can also distribute their extensions to a wider audience once their extensions are in the Burp App Store.
If you encounter cases where the tools provided by Burp and the extensions aren't enough, you can write your own extensions in Java, Python, and Ruby. For example, you can passively scan for error messages, connect with PhantomJS to validate XSS findings, audit HTML5 security, and do much more. Using tools such as burpbuddy, you can even write them in other languages that you might think of.
The next chapter is all about maintenance activities required when we do real-world security testing. We'll learn how we save our sessions, backup, and more.
