cstc

Burp Suite extension that allows request/response modification using a GUI.

The Cyber Security Transformation Chef (CSTC) is a Burp Suite extension. It is built for security experts to extend Burp Suite by chaining simple operations on each incoming or outgoing HTTP message. It can also be used to quickly apply custom formatting to each message.

CSTC is especially useful for applying existing capabilities of Burp Suite Professional (Burp Scanner, Backslash Powered Scanner, ...) to web applications that use client-side calculated MACs, sequence numbers, or similar protections for request validation. CSTC also interoperates perfectly with other Burp Suite features that are available in the Community Edition (Repeater, Intruder, ...).

It is also a great help for analyzing obfuscated HTTP-based protocols because it can be used to deobfuscate and reobfuscate network traffic passing through the proxy. In this way, the analyst can concentrate on the task of finding vulnerabilities instead of writing a new extension for removing the obfuscation.