Extending Burp at DerbyCon VII

Just finished my talk about extending Burp at Derbycon VII. Thanks to everyone that attended! I’m really thankful for the opportunity to present on the topic.

The Details-

Slides –

Video in Slides (Slide 14)

Source Code – https://github.com/sampsonc/searchplusplus

Video of the Presentation

I’d love to hear any comments/questions.


Posted in Security | Leave a comment

DerbyCon 7.0

So excited to be speaking at DerbyCon 7.0 this year! After attending every year since the conference started, I decided to submit a talk this year and it was accepted. The title of the talk is “Extending Burp”. I’ll run through how to create Burp extensions and some gotcha’s that I figured out.

Hope to see you there!

Posted in Security | Leave a comment

Elixir vs Ruby – A Simple Test

A coworker of mine is really excited about Elixir and it’s performance.   So, I created a little program in both Ruby and Elixir to return an array containing the squares of numbers from 1 to 1000.

This is the Ruby version.   It uses a gem called Parallel that I found quickly from searching. It uses all available processors and uses threads.

require 'parallel'
Parallel.map(1..1000) do |i|
  i * i

Running this a few times gives results like this-

real	0m0.118s
user	0m0.090s
sys	0m0.059s

This is the Elixir version. It uses no external libraries. It uses all available processors and uses threads.

defmodule Parallel do
  def pmap(collection, func) do
    |> Enum.map(&(Task.async(fn -> func.(&1) end)))
    |> Enum.map(&Task.await/1)
Parallel.pmap 1..1000, &(&1 * &1)

Running this a few times gives results like this-

real	0m0.271s
user	0m0.258s
sys	0m0.176s

Ruby is considerably faster on this simple example.  Definitely going to experiment more…

Posted in Ruby | Leave a comment

Favorite Podcasts

I’ve been spending most of my commute these days listening to podcasts.  I’ve found a few good ones, but am looking for ideas.   Security/development is my vocation, but I like a variety of things to listen to.

Currently I’m listening to-

  • The Art of Charm
  • The Changelog
  • The Complete Privacy & Security Podcast
  • Entrepeneur On Fire
  • Greater than Code
  • How I Built This
  • The James Altucher Show
  • The Marie Forleo Podcast
  • Nutrition Facts by Dr. Greger
  • Residual Income Podcast
  • Risky Business
  • Side School Hustle
  • Soft Skill Engineering
  • Stuff You Should Know
  • SUCCESS Insuder
  • Team Never Quit Podcast
  • The Tim Ferriss Show
  • Why Are Computers
  • Advanced Persistent Security

Any other suggestions?

[contact-form-7 id=”231325″ title=”Favorite Podcasts”]

Posted in General | Leave a comment

Python – Day 1

Python or Ruby or PHP

Well…PHP isn’t really an option.  Only Ruby or Python  🙂

As many of you may know, I started off right out of college doing C/C++ programming and finished my software development days with Java.   Since then I’ve been doing application security.   When I do program now, it’s mainly for my own uses and it’s typically in Ruby.

I became interested in Ruby when Metasploit was ported to Ruby.   But in general, the prominent language for scripting related to security is Python.  So, I decided to experiment more with Python.

Right off the bat I’ve found a few things that are annoying

  • White-space scoping.   This is a common complaint if you’re used to languages that are more free-form and have explicit ways to scope.  But, in modern editors take care of it for you and it does enforce a consistent style.  It still bugs me some, though.
  • Library compatibly between versions.  There seem to be two major versions – 2.7X and 3.0.  I’ve not really done enough to know the difference, but there does seem to be a difference in community support for libraries between the two.
  • OO.  There are couple of interesting things about this.   First, why the explicit self parameter as the first parameter to every method?  Second, things like the len function.  It is used to determine the length of many different types of data.   But things like lists, should have a len method IMHO.  They do have a __len__ method, but nothing I’ve read talks about calling it.   It seems like the standalone len function expects it’s target to have a __len__ function so it knows how to get the length.  Why not just have len on the target?  It just seems not well thought-out.


Posted in Python | 2 Comments