BappDescription.html
<p>Imagine GCHQ's CyberChef integrated into BurpSuite with live modification of requests at your fingertips. That's exactly what we had in
mind when we built the Cyber Security Transformation Chef (CSTC) a few years ago. The CSTC is an extension to the popular
BurpSuite Proxy built for experts working with web applications. It enables users to define recipes that are applied automatically to outgoing or
incoming HTTP requests/responses. Whatever quirks and specialties an application might challenge you with during an
assessment, the CSTC has you covered. Furthermore, it allows you to quickly apply custom formatting to a chosen message if a more
detailed analysis is needed.</p>
<p>As an example, imagine an API that requires an HMAC, derived from datapoints inside the message body, to be appended to every message.
With the CSTC you can extract the necessary datapoints with ease and calculate the HMAC on the fly. Together with the CSTC's
integration into all major BurpSuite components, you can now perform automatic intrusion tests with the Scanner, or manual fuzzing
using Intruder and Repeater, without worrying about the HMAC any longer. Another use case is to extract JWTs from incoming HTTP
responses and use them in outgoing requests of the Scanner. This eliminates the need to worry about expiring JWTs while scanning.</p>
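<p>The two workflows in the paragraph above, body-derived HMACs and JWT reuse, are easier to reason about when the message-level logic a recipe has to replicate is spelled out. The following Python is an added example, not part of the CSTC project and not its code. It assumes a hypothetical API whose HMAC-SHA256 covers the JSON fields <code>account</code>, <code>amount</code> and <code>nonce</code> (joined with <code>|</code>, in that order) under a constructed demo key, carried in a made-up <code>X-Body-HMAC</code> header, and a response that returns an HS256 JWT in its body; the sample request body and response are constructed inline.</p>

```python
import base64
import hashlib
import hmac
import json
import re

# Constructed demo secret; a real recipe would hold the application's shared key.
DEMO_KEY = b"constructed-demo-secret"

# Hypothetical API: these JSON datapoints, in this order, are what the HMAC covers.
SIGNED_FIELDS = ("account", "amount", "nonce")


def canonical_payload(body: bytes, fields=SIGNED_FIELDS) -> bytes:
    """Extract the signed datapoints from a JSON body and join them into the
    canonical byte string both sides compute the HMAC over. A missing field is
    an error, not silently skipped, so client and server cannot drift apart."""
    data = json.loads(body)
    try:
        parts = [str(data[f]) for f in fields]
    except (KeyError, TypeError) as missing:
        raise ValueError(f"body lacks signed field {missing}") from None
    return "|".join(parts).encode()


def compute_hmac(body: bytes, key: bytes = DEMO_KEY) -> str:
    """HMAC-SHA256 over the canonical datapoints, hex-encoded for a header value."""
    return hmac.new(key, canonical_payload(body), hashlib.sha256).hexdigest()


def sign_request(body: bytes, key: bytes = DEMO_KEY) -> dict:
    """The header a recipe would add to every outgoing request (hypothetical name)."""
    return {"X-Body-HMAC": compute_hmac(body, key)}


def verify_hmac(body: bytes, presented: str, key: bytes = DEMO_KEY) -> bool:
    """Server-side counterpart: recompute and compare in constant time.
    Malformed bodies or missing fields fail closed."""
    try:
        expected = compute_hmac(body, key)
    except ValueError:  # json.JSONDecodeError is a ValueError too
        return False
    return hmac.compare_digest(expected, presented)


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_demo_jwt(exp: int, key: bytes = DEMO_KEY) -> str:
    """Build a constructed HS256 JWT so the response below is self-contained."""
    header = _b64url(b'{"alg":"HS256","typ":"JWT"}')
    payload = _b64url(json.dumps({"sub": "demo", "exp": exp}).encode())
    signing_input = f"{header}.{payload}".encode()
    sig = _b64url(hmac.new(key, signing_input, hashlib.sha256).digest())
    return f"{header}.{payload}.{sig}"


def extract_jwt(response: str):
    """Pull the first JWT out of a raw HTTP response (header or body) by its
    three base64url segments; a JSON header segment always starts with 'eyJ'."""
    m = re.search(r"eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+", response)
    return m.group(0) if m else None


def jwt_expires_at(token: str) -> int:
    """Read the exp claim from the payload segment. This is not validation:
    the signature is deliberately not checked, only the expiry is read so a
    recipe knows when to stop reusing a harvested token."""
    payload_b64 = token.split(".")[1]
    payload_b64 += "=" * (-len(payload_b64) % 4)
    payload = json.loads(base64.urlsafe_b64decode(payload_b64))
    return int(payload["exp"])


def token_usable(token: str, now: int, skew: int = 30) -> bool:
    """True while the token has more than `skew` seconds of life left."""
    return jwt_expires_at(token) - skew > now


if __name__ == "__main__":
    # Constructed sample request body: "note" is outside the signed fields.
    body = b'{"account": "acct-1", "amount": 42, "nonce": "n-7", "note": "x"}'
    print(sign_request(body))
    # Constructed sample response carrying a JWT in its JSON body.
    resp = "HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n\r\n" + json.dumps({"token": make_demo_jwt(1700000000)})
    print(extract_jwt(resp), jwt_expires_at(extract_jwt(resp)))
```

<p>Two points worth noticing from the defender's side: the HMAC only protects the fields listed in <code>SIGNED_FIELDS</code>, so anything outside that list (the <code>note</code> field here) can change without invalidating the signature, which is exactly why the server's choice of covered fields matters; and <code>jwt_expires_at</code> reads the expiry without verifying the signature, which is fine for deciding when a scanner should refresh a token but must never be mistaken for authentication.</p>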
<p>The tool uses a GUI whose basic idea is similar to CyberChef's. However, it introduces a new concept which we call lanes. The
output of a CSTC transformation is always determined by the last lane that has an active operation. This initially takes
getting used to, but quickly feels intuitive.</p>
<p>Take a look at our basic tutorial on <a href="https://www.youtube.com/watch?v=6fjW4iXj5cg">YouTube</a> or dive into the <a href="https://github.com/usdAG/cstc/blob/master/INTRODUCTION.md">written introduction</a> to the tool.</p>