@apps3c profile picture
Federico Dotta @apps3c

@apps3c@infosec.exchange

Joined November 2011
  • Tweets 243
  • Following 93
  • Followers 1,108
4 Photos and videos
To wrap up @Burp_Suite Extensibility Month initiatives, I just released AI Reporter, a Burp Suite extension that brings AI-powered automation to penetration test reporting using Burp AI or a local Ollama instance. More details: hnsecurity.it/blog/ai-report…

HN Security - AI Reporter - Let's automate reporting in Burp Suite! - Articles

Burp Suite AI Reporter generates vulnerability findings from HTTP pairs using Burp AI or Ollama/OpenAI. Export to Markdown in one click.

hnsecurity.it
1
2
4
370
As part of @Burp_Suite Extensibility Month initiatives, last week I gave a talk titled “Restoring testability: Handling complex scenarios in Burp Suite with a custom extension”. Video, slides and code can be found here: hnsecurity.it/blog/restoring…

HN Security - Restoring Testability: Slides, Code & Video - Articles

Hi! Last Thursday, as part of the Burp Extensibility Month on the PortSwigger Discord server, I gave a talk on […]

hnsecurity.it
1
8
3,062
Federico Dotta retweeted
Burp Suite@Burp_Suite
May 12
🚀 Want to build your own Burp Suite extensions? As part of Burp Extensibility Month, we’re sharing Burp Ambassador Federico Dotta's (@apps3c) 10-part guide to extending Burp Suite with the Montoya API. Start here 👇 hnsecurity.it/blog/extending… #BurpSuite #BurpExtensibility

HN Security - Extending Burp Suite for fun and profit - The Montoya way - Part 1 -

-> Setting up the environment Hello World Inspecting and tampering HTTP requests and responses Inspecting and tampering WebSocket messages […]

hnsecurity.it
3
2
13
2,054
I’ll be hosting a live session during @Burp_Suite Extensibility Month on the @PortSwigger Discord on May 14 at 4 PM BST / 5 PM CEST. Topic: “Restoring Testability: Handling Complex Scenarios in Burp Suite with a Custom Extension”. Join us live! discord.gg/portswigger?event…

Join the PortSwigger Discord Server!

A place where security professionals, hobbyists, and passionate Burp users can hang out, chat, and collaborate. | 17580 members

discord.com
3
104
To celebrate the @Burp_Suite Extensibility Month, the tenth article of the series "Extending Burp Suite for fun and profit - The Montoya way" is out! The topics of this tenth part is "Burp AI"! Stay tuned for a new extension on the topic on @BApp_Store! hnsecurity.it/blog/extending…

HN Security - Extending Burp Suite for fun and profit – The Montoya way – Part 10 - Articles

Setting up the environment Hello World Inspecting and tampering HTTP requests and responses Inspecting and tampering WebSocket messages Creating […]

hnsecurity.it
4
9
2,896
Federico Dotta retweeted
Burp Suite@Burp_Suite
Apr 30
Highlights include: ✨ Our new Burp Ambassadors, @apps3c and @0xTib3rius, present sessions covering creating custom extensions for complex testing scenarios and a Bambda generation framework. 🔬 A deep dive with PortSwigger researcher @zakfedotkin on vibecoding Burp extensions.
1
2
9
1,494
Federico Dotta retweeted
Burp Suite@Burp_Suite
Apr 30
🚀 Extensibility Month is launching on the PortSwigger Discord! Join us for a month of events, resources, and community discussion all about creating, sharing, and getting more from Extensibility in Burp Suite. #BurpSuite #BurpExtensibility
1
5
17
3,396
Federico Dotta retweeted
PortSwigger@PortSwigger
Apr 23
Meet the Burp Ambassadors: @apps3c 🇮🇹 Federico Dotta is an offensive security researcher with a deep focus on Burp Suite extensibility. #BurpAmbassador #BurpSuite #BurpExtensibility #BApps
2
5
44
4,417
Federico Dotta@apps3c
10 Dec 2025
The ninth article of the series "Extending Burp Suite for fun and profit - The Montoya way" is out! The topics of this ninth part is "Custom scan checks - An improved quick way to extend Burp Suite Active and Passive Scanner"! hnsecurity.it/blog/extending…

HN Security - Extending Burp Suite for fun and profit – The Montoya way – Part 9 - Articles

A comprehensive guide on extending Burp Scanner with custom scan checks.

hnsecurity.it
2
201
Federico Dotta retweeted
BApp Store@BApp_Store
10 Nov 2025
🔄 Brida, Burp to Frida Bridge A bridge between Burp Suite and Frida to help test Android applications. 👇 portswigger.net/bappstore/2c…

Brida, Burp to Frida Bridge

A bridge between Burp Suite and Frida to help test Android applications.

portswigger.net
1
2
2
284
Federico Dotta@apps3c
28 Oct 2025
I released an updated version of Brida (0.6), fully compatible with @fridadotre >= 17! You can download the new release from GitHub and soon from the @Burp_Suite BAppStore. hnsecurity.it/blog/brida-0-6…

HN Security - Brida 0.6 released! - Tools

We are releasing Brida 0.6 that supports Frida 17, which introduced some breaking change in its API.

hnsecurity.it
2
6
276
Federico Dotta@apps3c
29 Jul 2025
A few notes and examples on a topic I've been exploring recently: AI red teaming on LLM-based applications! security.humanativaspa.it/at…
3
5
367
Federico Dotta retweeted
HN Security@hnsec
11 Feb 2025
The unattainable unicorn in fault injection! Our latest article reveals that single-bit faults are possible on ESP32. Discover how some bits are easier to flip and why lowest voltage isn't always best. Join @0x696e6f6465 in his #hardwarehacking quest. security.humanativaspa.it/fa…
5
6
856
Federico Dotta@apps3c
26 Nov 2024
Eighth article of the series "Extending @Burp_Suite for fun and profit - The Montoya way" is out! Topic: BChecks - A quick way to extend Burp Suite Active and Passive Scanner! security.humanativaspa.it/ex…
4
7
965
Federico Dotta@apps3c
19 Nov 2024
Seventh article of the series "Extending @Burp_Suite for fun and profit - The Montoya way" is out! Topic: using the Collaborator in Burp Suite plugins! security.humanativaspa.it/ex…
1
8
916
Federico Dotta@apps3c
13 Nov 2024
Great article on fault injection by my colleague @0x696e6f6465. Definitively worth a read! security.humanativaspa.it/fa…
145
Federico Dotta retweeted
James Kettle
@albinowax
25 Oct 2024
Display responses that came from a server-side cache (Varnish/Cloudfront) with this filter bambda: return requestResponse.response().headerValue("X-Cache").toLowerCase().contains("hit");
10
94
8,766
Federico Dotta@apps3c
30 Jul 2024
Sixth article of the series "Extending @Burp_Suite for fun and profit - The Montoya way" is out! Topic: adding new checks to Burp Suite Active and Passive Scanner! security.humanativaspa.it/ex…
4
12
811
Federico Dotta retweeted
bugcrowd
@Bugcrowd
16 May 2024
Replying to @InsiderPhD
4. Brida, Burp to Frida bridge Bridges Burp and Frida, enabling traffic manipulation across multiple platforms. Simplifies mobile testing with direct function usage for data encryption/decryption, offering custom plugins, tabs, menu options and more. portswigger.net/bappstore/2c…

Brida, Burp to Frida Bridge

A bridge between Burp Suite and Frida to help test Android applications.

portswigger.net
3
30
3,198
Federico Dotta@apps3c
19 Jun 2024
Fifth article of the series "Extending @Burp_Suite for fun and profit - The Montoya way" is out! Topic: adding new functionalities to the context menu! security.humanativaspa.it/ex…
9
25
2,738
Load more