Introducing BChecks: The Game-Changer Houston Needed!

Original Post: BChecks: Houston, we have a solution! | Blog

The article, authored by Ollie Whitehouse and published on June 29, 2023, announces a new feature in Burp Suite Professional called “BChecks.” This feature introduces a scripting language that allows users to create custom scan checks quickly, as an alternative to writing BApp extensions. With BChecks, users can:

– Detect specific vulnerabilities like CVE-2023-1337.
– Identify vulnerability classes and technology stack components.
– Spot characteristics of interest to security researchers, such as CobaltStrike servers.

Key functionalities of BChecks include conditional logic, regex matching, sending raw HTTP requests, interacting with Burp Collaborator, triggering custom payloads, and raising issues with descriptions. An example script provided checks for the Cisco router authentication bypass vulnerability CVE-2001-0537.
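As an added illustration (not the Cisco script from the original article, and not PortSwigger's own code), the following passive BCheck combines three of the functionalities listed above: conditional logic, regex matching, and raising an issue with a description. The check name, author value, regex, and issue text are constructed for this example, and it assumes the `v1-beta` language version that was current when the feature launched.

```bcheck
metadata:
    language: v1-beta
    name: "Server header discloses product version"
    description: "Passively flags responses whose Server header includes a version number"
    author: "example"

# Passive check: evaluated against each response Burp has already seen; it sends no requests.
given response then
    # Regex match on the response headers, e.g. "Server: nginx/1" (constructed pattern).
    if {latest.response.headers} matches "Server: [A-Za-z_-]+/[0-9]" then
        report issue:
            severity: info
            confidence: firm
            detail: "The Server response header includes a product name and version number."
            remediation: "Configure the web server or reverse proxy to omit version details from the Server header."
    end if
```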

The article also mentions a GitHub repository where users can find example BChecks and contribute their own. Instructions are given for using BChecks in audits by configuring Burp Suite Professional scans to report only BCheck-generated issues. The aim of this new feature is to expedite vulnerability discovery and encourage community collaboration through contributions to the GitHub repository.
