The 15-minute talk "Python3-based read/write editors in Burp Suite" covers the extensions Piper and Scalpel.
First, the target (an AES-ECB CTF challenge) is introduced. Then a read-only viewer is created in Piper, using a Bash one-liner. This viewer is used to nicely display the encrypted cookie and its blocks. We finally move to a read-write editor, this time with Scalpel and Python3. This editor allows us to easily modify the encrypted data by shuffling blocks around.
We publish articles from time to time, on Agarri's corporate blog or elsewhere...
Use Burp's Intruder to its full advantage (link)
Hotkeys
Useful payload types
Processing responses automatically
Additional tips
Exploiting WPAD with Burp Suite and the "HTTP Injector" extension (link)
Redirect other users' traffic to yourself using WPAD
Exclude SSL traffic from interception (avoid client-side warnings)
Develop a custom extension infecting HTTP traffic (e.g. injecting a BeEF hook)
Test the setup on eBay
Exploiting a Blind XSS using Burp Suite (link)
Use Burp Collaborator to detect a blind XSS
Use Burp Collaborator to exfiltrate data from the victim's browser (cookies!!)
Use the stolen cookie via a Match & Replace rule
Browse the admin interface and get a flag
Deserialization in Perl v5.8 (link)
Spot an HTML form with a hidden parameter whose value is Base64-encoded
Fuzz the value using the "Character Frobber" payload type in Intruder
Identify a Perl deserialization vulnerability
Exploit the vulnerability in Repeater and get RCE
Intruder and CSRF-protected form, without macros (link)
Set up a local "Damn Vulnerable Web Application" target
Analyze the login flow, using a browser and Proxy History
Log in using Repeater (manually dealing with redirects and CSRF tokens)
Use Intruder's Recursive Grep to transparently manage CSRF tokens, w/o macros
Run a brute-force attack in Intruder and find the admin password