June 9, 2026
How I Built a Burp Extension Efficiently with Claude
The hardest part of building a Burp extension used to be the code — now it’s just coming up with the idea.
Raymond Van Wart
2 min read
I recently used Claude to create a Burp Extension that highlights nonstandard HTTP Headers to help security researchers identify potential vectors for injection.
Simply prompting Claude gave inspiration for the extension. I learned that common HTTP headers exist in the IANA registry and can be used as a filter.
A few simple prompts allowed Claude to build a prototype from scratch.
Claude suggests using Montoya API, the newer extension framework from Portswigger.
Ironically, the final 20% of fine tuning took the longest time. I simply suggested small features and implemented them gradually until the project was finished.
Building this extension with Claude was fast and fun. It felt like I was having a conversation most of the time.
Though, a word of caution, near the end I did encounter a few bugs that Claude couldn't resolve. It is important that you know how to code well and are capable of manual analysis else you will hit a brick wall when things become too complex.